This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Sun
Product: Solaris
Version: 10.0
Update: hw2
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Os
First view: 2006-08-01
Last view: 2007-04-19
 
CPE Product cpe:2.3:o:sun:solaris

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2007-04-19 CVE-2007-1681

Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog.

5.8 2007-03-07 CVE-2006-7140

The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.

6.6 2006-09-26 CVE-2006-5012

Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 allows local users to cause a denial of service (disable syslog) and prevent security messages from being logged via unspecified vectors.

7.2 2006-08-23 CVE-2006-4319

Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.

5 2006-08-01 CVE-2006-3968

The crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01, when running on Sun Fire T2000 platforms, incorrectly verifies a DSA signature, which might prevent applications from detecting that the data has been modified.

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-96 Block Access to Libraries

Open Source Vulnerability Database (OSVDB)

id Description
34902 Sun Java Web Console libwebconsole_services.so Remote Format String
29555 Solaris RBAC format Command Local Overflow
29153 Solaris syslog Local DoS
28549 OpenSSL RSA Key PKCS #1 v1.5 Signature Forgery
27719 Sun Fire T2000 DSA Signature Verification Weakness

OpenVAS Exploits

id Description
2009-06-03 Name : Solaris Update for /usr/sbin/format 113072-08
File : nvt/gb_solaris_113072_08.nasl
2009-06-03 Name : Solaris Update for format 114423-07
File : nvt/gb_solaris_114423_07.nasl
2009-06-03 Name : Solaris Update for Sun Java Web Console (Lockhart) 121211-02
File : nvt/gb_solaris_121211_02.nasl
2009-06-03 Name : Solaris Update for Sun Java Web Console (Lockhart) 121212-02
File : nvt/gb_solaris_121212_02.nasl

Snort® IPS/IDS

Date Description
2014-01-10 Oracle Java Web Console logging functionality format string exploit attempt
RuleID : 17109 - Type : SERVER-ORACLE - Revision : 5
2014-01-10 Oracle Java web console format string attempt
RuleID : 14615 - Type : SERVER-OTHER - Revision : 7

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-339-1.nasl - Type: ACT_GATHER_INFO
2007-10-12 Name: The remote host is missing Sun Security Patch number 122715-03
File: solaris9_x86_122715.nasl - Type: ACT_GATHER_INFO
2007-09-25 Name: The remote host is missing Sun Security Patch number 117123-10
File: solaris9_117123.nasl - Type: ACT_GATHER_INFO
2007-04-23 Name: The remote web server is prone to a format string attack.
File: sun_java_web_console_format_string.nasl - Type: ACT_GATHER_INFO
2007-04-19 Name: The remote host is missing Sun Security Patch number 121211-02
File: solaris10_121211.nasl - Type: ACT_GATHER_INFO
2007-04-19 Name: The remote host is missing Sun Security Patch number 121212-02
File: solaris10_x86_121212.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2006-177.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2006-178.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2006-207.nasl - Type: ACT_GATHER_INFO
2006-12-16 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2006-161.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 116648-25
File: solaris10_116648.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 114045-14
File: solaris8_114045.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 116648-25
File: solaris8_116648.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 116648-25
File: solaris9_116648.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119209-36
File: solaris8_119209.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1174.nasl - Type: ACT_GATHER_INFO
2006-08-21 Name: The remote host is missing Sun Security Patch number 114423-09
File: solaris9_x86_114423.nasl - Type: ACT_GATHER_INFO
2006-08-04 Name: The remote host is missing Sun Security Patch number 113072-08
File: solaris9_113072.nasl - Type: ACT_GATHER_INFO
2006-07-03 Name: The remote host is missing Sun Security Patch number 118833-36
File: solaris10_118833.nasl - Type: ACT_GATHER_INFO
2006-02-19 Name: The remote host is missing Sun Security Patch number 117351-61
File: solaris8_x86_117351.nasl - Type: ACT_GATHER_INFO
2006-02-19 Name: The remote host is missing Sun Security Patch number 117350-62
File: solaris8_117350.nasl - Type: ACT_GATHER_INFO
2005-10-19 Name: The remote host is missing Sun Security Patch number 119213-36
File: solaris10_119213.nasl - Type: ACT_GATHER_INFO
2005-10-19 Name: The remote host is missing Sun Security Patch number 119214-36
File: solaris10_x86_119214.nasl - Type: ACT_GATHER_INFO
2005-10-05 Name: The remote host is missing Sun Security Patch number 118558-39
File: solaris9_118558.nasl - Type: ACT_GATHER_INFO
2005-10-05 Name: The remote host is missing Sun Security Patch number 119211-36
File: solaris9_119211.nasl - Type: ACT_GATHER_INFO