Vulnerability-Lookup

CVE-2005-3472 (GCVE-0-2005-3472)

Vulnerability from cvelistv5 – Published: 2005-11-03 02:00 – Updated: 2024-08-07 23:10

Summary

Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

6 references

URL	Tags
http://www.osvdb.org/20448	vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/15271	vdb-entryx_refsource_BID
http://www.vupen.com/english/advisories/2005/2274	vdb-entryx_refsource_VUPEN
http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
http://secunia.com/advisories/17395	third-party-advisoryx_refsource_SECUNIA
http://securitytracker.com/id?1015135	vdb-entryx_refsource_SECTRACK

Date Public

2005-11-01 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:10:09.004Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20448",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/20448"
          },
          {
            "name": "15271",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15271"
          },
          {
            "name": "ADV-2005-2274",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2274"
          },
          {
            "name": "101948",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1"
          },
          {
            "name": "17395",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17395"
          },
          {
            "name": "1015135",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015135"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-11-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-18T10:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20448",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/20448"
        },
        {
          "name": "15271",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15271"
        },
        {
          "name": "ADV-2005-2274",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2274"
        },
        {
          "name": "101948",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1"
        },
        {
          "name": "17395",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17395"
        },
        {
          "name": "1015135",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015135"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3472",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20448",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/20448"
            },
            {
              "name": "15271",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15271"
            },
            {
              "name": "ADV-2005-2274",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/2274"
            },
            {
              "name": "101948",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1"
            },
            {
              "name": "17395",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17395"
            },
            {
              "name": "1015135",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015135"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3472",
    "datePublished": "2005-11-03T02:00:00.000Z",
    "dateReserved": "2005-11-02T00:00:00.000Z",
    "dateUpdated": "2024-08-07T23:10:09.004Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2005-3472",
      "date": "2026-05-30",
      "epss": "0.00568",
      "percentile": "0.68855"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:java_system_communications_express:2004q2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"28D5E8CB-3378-4267-B8B5-ED8FC8332EAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:java_system_communications_express:2005q1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79AEF095-3C38-4F6F-987D-557A0DC89FDE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.\"}]",
      "id": "CVE-2005-3472",
      "lastModified": "2024-11-21T00:01:58.717",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2005-11-03T02:02:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/17395\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1015135\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/20448\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/15271\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2005/2274\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/17395\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1015135\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/20448\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/15271\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2005/2274\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2005-3472\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-11-03T02:02:00.000\",\"lastModified\":\"2026-04-16T00:27:16.627\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:java_system_communications_express:2004q2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28D5E8CB-3378-4267-B8B5-ED8FC8332EAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:java_system_communications_express:2005q1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79AEF095-3C38-4F6F-987D-557A0DC89FDE\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/17395\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1015135\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/20448\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/15271\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2005/2274\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/17395\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1015135\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/20448\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/15271\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2005/2274\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2005-3472

Vulnerability from fkie_nvd - Published: 2005-11-03 02:02 - Updated: 2026-04-16 00:27

Severity

Summary

Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/17395	Patch, Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1015135
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1	Patch, Vendor Advisory
cve@mitre.org	http://www.osvdb.org/20448
cve@mitre.org	http://www.securityfocus.com/bid/15271
cve@mitre.org	http://www.vupen.com/english/advisories/2005/2274
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17395	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015135
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/20448
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/15271
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2005/2274

Impacted products

	Vendor	Product	Version
	sun	java_system_communications_express	2004q2
	sun	java_system_communications_express	2005q1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_communications_express:2004q2:*:*:*:*:*:*:*",
              "matchCriteriaId": "28D5E8CB-3378-4267-B8B5-ED8FC8332EAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_communications_express:2005q1:*:*:*:*:*:*:*",
              "matchCriteriaId": "79AEF095-3C38-4F6F-987D-557A0DC89FDE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files."
    }
  ],
  "id": "CVE-2005-3472",
  "lastModified": "2026-04-16T00:27:16.627",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-11-03T02:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17395"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1015135"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/20448"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/15271"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/2274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17395"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/20448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15271"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/2274"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-44XC-2PMV-465W

Vulnerability from github – Published: 2022-05-01 02:18 – Updated: 2022-05-01 02:18

Details

Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2005-3472"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-11-03T02:02:00Z",
    "severity": "MODERATE"
  },
  "details": "Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.",
  "id": "GHSA-44xc-2pmv-465w",
  "modified": "2022-05-01T02:18:23Z",
  "published": "2022-05-01T02:18:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3472"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/17395"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015135"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/20448"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/15271"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2005/2274"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2005-3472

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.

Aliases

CVE-2005-3472

Aliases

CVE-2005-3472

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2005-3472",
    "description": "Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.",
    "id": "GSD-2005-3472"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2005-3472"
      ],
      "details": "Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.",
      "id": "GSD-2005-3472",
      "modified": "2023-12-13T01:20:12.587311Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2005-3472",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20448",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/20448"
          },
          {
            "name": "15271",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/15271"
          },
          {
            "name": "ADV-2005-2274",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2005/2274"
          },
          {
            "name": "101948",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1"
          },
          {
            "name": "17395",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/17395"
          },
          {
            "name": "1015135",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1015135"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sun:java_system_communications_express:2004q2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:java_system_communications_express:2005q1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3472"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "101948",
              "refsource": "SUNALERT",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1"
            },
            {
              "name": "17395",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/17395"
            },
            {
              "name": "1015135",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1015135"
            },
            {
              "name": "15271",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/15271"
            },
            {
              "name": "20448",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/20448"
            },
            {
              "name": "ADV-2005-2274",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2005/2274"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2011-03-08T02:26Z",
      "publishedDate": "2005-11-03T02:02Z"
    }
  }
}

VAR-200511-0479

Vulnerability from variot - Updated: 2023-12-18 13:58

Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files. A remote attacker may obtain application configuration files.

SOLUTION: Apply patches.

-- SPARC Platform (Solaris 8, 9 and 10) --

Apply patch 118540-21 or later.

-- x86 Platform (Solaris 8, 9 and 10) --

Apply patch 118541-21 or later.

-- Linux Platform --

Apply patch 118542-21 or later.

PROVIDED AND/OR DISCOVERED BY: Reported by vendor.

ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200511-0479",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "java system communications express",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sun",
        "version": "2004q2"
      },
      {
        "model": "java system communications express",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sun",
        "version": "2005q1"
      },
      {
        "model": "java system communications express 2005q1",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "java system communications express 2004q2",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "15271"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3472"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-094"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sun:java_system_communications_express:2004q2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:java_system_communications_express:2005q1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3472"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "This issue was reported by Sun.",
    "sources": [
      {
        "db": "BID",
        "id": "15271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-094"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2005-3472",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2005-3472",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200511-094",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3472"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-094"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files. \nA remote attacker may obtain application configuration files. \n\nSOLUTION:\nApply patches. \n\n-- SPARC Platform (Solaris 8, 9 and 10) --\n\nApply patch 118540-21 or later. \n\n-- x86 Platform (Solaris 8, 9 and 10) --\n\nApply patch 118541-21 or later. \n\n-- Linux Platform --\n\nApply patch 118542-21 or later. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by vendor. \n\nORIGINAL ADVISORY:\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3472"
      },
      {
        "db": "BID",
        "id": "15271"
      },
      {
        "db": "PACKETSTORM",
        "id": "41189"
      }
    ],
    "trust": 1.26
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "15271",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "17395",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "20448",
        "trust": 1.6
      },
      {
        "db": "SECTRACK",
        "id": "1015135",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2005-2274",
        "trust": 1.6
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3472",
        "trust": 1.6
      },
      {
        "db": "SUNALERT",
        "id": "101948",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-094",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "41189",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "15271"
      },
      {
        "db": "PACKETSTORM",
        "id": "41189"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3472"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-094"
      }
    ]
  },
  "id": "VAR-200511-0479",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.18333334
  },
  "last_update_date": "2023-12-18T13:58:31.307000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3472"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/17395"
      },
      {
        "trust": 1.6,
        "url": "http://securitytracker.com/id?1015135"
      },
      {
        "trust": 1.6,
        "url": "http://www.osvdb.org/20448"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/15271"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2005/2274"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2005/2274"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/17395/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6026/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "15271"
      },
      {
        "db": "PACKETSTORM",
        "id": "41189"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3472"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-094"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "15271"
      },
      {
        "db": "PACKETSTORM",
        "id": "41189"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3472"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-094"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-11-02T00:00:00",
        "db": "BID",
        "id": "15271"
      },
      {
        "date": "2005-11-03T01:02:14",
        "db": "PACKETSTORM",
        "id": "41189"
      },
      {
        "date": "2005-11-03T02:02:00",
        "db": "NVD",
        "id": "CVE-2005-3472"
      },
      {
        "date": "2005-11-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200511-094"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-11-02T00:00:00",
        "db": "BID",
        "id": "15271"
      },
      {
        "date": "2011-03-08T02:26:34.407000",
        "db": "NVD",
        "id": "CVE-2005-3472"
      },
      {
        "date": "2005-11-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200511-094"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-094"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sun Java System Communications Express Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "15271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-094"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-094"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2005-3472 (GCVE-0-2005-3472)

FKIE_CVE-2005-3472

GHSA-44XC-2PMV-465W

GSD-2005-3472

VAR-200511-0479

Tags

Sightings

Nomenclature