ID CVE-2007-3700
Summary Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth.
References
Vulnerable Configurations
  • cpe:2.3:a:sun:java_system_access_manager:*:*:*:*:*:*:*:*
    cpe:2.3:a:sun:java_system_access_manager:*:*:*:*:*:*:*:*
CVSS
Base: 1.7 (as of 29-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:L/AC:L/Au:S/C:P/I:N/A:N
refmap via4
bid 24859
osvdb 37249
sectrack 1018370
secunia 26030
sunalert
  • 101918
  • 200386
vupen ADV-2007-2496
xf sun-jsam-message-information-disclosure(35339)
Last major update 29-07-2017 - 01:32
Published 11-07-2007 - 23:30
Last modified 29-07-2017 - 01:32
Back to Top