ID CVE-2010-3544
Summary Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect integrity and availability via unknown vectors related to Administration. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable source that this is cross-site request forgery (CSRF) that allows remote attackers to stop an instance via the management console.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:sun_products_suite:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:sun_products_suite:7.0:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 07-02-2013 - 05:00)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:P
refmap via4
cert TA10-287A
confirm http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
jvn JVN#50133036
jvndb JVNDB-2010-000042
Last major update 07-02-2013 - 05:00
Published 14-10-2010 - 18:00
Last modified 07-02-2013 - 05:00
Back to Top