ID CVE-2008-1286
Summary Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:solaris:10:-:sparc
    cpe:2.3:o:sun:solaris:10:-:sparc
  • cpe:2.3:o:sun:solaris:10:-:x86
    cpe:2.3:o:sun:solaris:10:-:x86
  • cpe:2.3:o:sun:solaris:8:-:sparc
    cpe:2.3:o:sun:solaris:8:-:sparc
  • cpe:2.3:o:sun:solaris:8:-:x86
    cpe:2.3:o:sun:solaris:8:-:x86
  • cpe:2.3:o:sun:solaris:9:-:sparc
    cpe:2.3:o:sun:solaris:9:-:sparc
  • cpe:2.3:o:sun:solaris:9:-:x86
    cpe:2.3:o:sun:solaris:9:-:x86
  • cpe:2.3:a:sun:java_web_console:3.0.2
    cpe:2.3:a:sun:java_web_console:3.0.2
  • cpe:2.3:a:sun:java_web_console:3.0.3
    cpe:2.3:a:sun:java_web_console:3.0.3
  • cpe:2.3:a:sun:java_web_console:3.0.4
    cpe:2.3:a:sun:java_web_console:3.0.4
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
  • cpe:2.3:a:sun:java_web_console:3.0.2
    cpe:2.3:a:sun:java_web_console:3.0.2
CVSS
Base: 7.8 (as of 12-03-2008 - 08:41)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE NONE NONE
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_125950.NASL
    description Oracle Java Web Console 3.1. Date this patch was last updated by Sun : May/14/10
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 27093
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27093
    title Solaris 9 (sparc) : 125950-20
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_125951.NASL
    description Oracle Java Web Console 3.1[_x86]. Date this patch was last updated by Sun : May/14/10
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 27100
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27100
    title Solaris 9 (x86) : 125951-20
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_125953.NASL
    description Oracle Java Web Console 3.1[_x86]. Date this patch was last updated by Sun : May/14/10 This plugin has been deprecated and either replaced with individual 125953 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 27078
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27078
    title Solaris 10 (x86) : 125953-20 (deprecated)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_125953-20.NASL
    description Oracle Java Web Console 3.1[_x86]. Date this patch was last updated by Sun : May/14/10
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107945
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107945
    title Solaris 10 (x86) : 125953-20
  • NASL family Web Servers
    NASL id SUN_JAVA_WEB_CONSOLE_3_0_5.NASL
    description According to its version, the installation of Sun Java Web Console on the remote host may allow a local or remote unprivileged user to determine the existence of files or directories in access restricted directories, which could result in a loss of confidentiality.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 31423
    published 2008-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31423
    title Sun Java Web Console < 3.0.5 Remote File Enumeration
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_X86_136986.NASL
    description Sun Java Web Console 3.0.2_x86: Security fixes. Date this patch was last updated by Sun : Jun/25/09
    last seen 2018-09-02
    modified 2014-08-30
    plugin id 31599
    published 2008-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31599
    title Solaris 8 (x86) : 136986-03
refmap via4
bid 28155
sectrack 1019574
secunia 29290
sunalert 231526
vupen ADV-2008-0806
xf sun-javawebconsole-information-disclosure(41069)
Last major update 07-03-2011 - 22:06
Published 11-03-2008 - 13:44
Last modified 07-08-2017 - 21:30
Back to Top