Executive Summary
Summary | |
---|---|
Title | Sun Alert 101918 Security Vulnerability in the Logging Output of Sun Java System Access Manager |
Informations | |||
---|---|---|---|
Name | SUN-101918 | First vendor Publication | 2007-07-10 |
Vendor | Sun | Last vendor Modification | 2007-07-10 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:S/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 1.7 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.1 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Sun Java System Access Manager 2004Q2, Sun Java System Access Manager 6 2005Q1, Sun Java System Identity Server 6.1 When the debug level within Sun Java System Access Manager (formerly Sun Java System Identity Server) is set to "message," login passwords may be logged in plain text and are therefore readable by local unprivileged users. This would allow that user to gain unauthorized access to user identities which are managed by Sun Java System Access Manager. Avoidance: Patch, Workaround State: Workaround First released: 10-Jul-2007 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_101918_security_vulnerability |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
37249 | Sun Java System Access Manager /var/opt/SUNWam/debug/amAuth Cleartext Passwor... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119465-17 File : solaris10_119465.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119465-17 File : solaris10_x86_119465.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119465-17 File : solaris8_119465.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119465-17 File : solaris8_x86_119465.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119465-17 File : solaris9_119465.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119465-17 File : solaris9_x86_119465.nasl - Type : ACT_GATHER_INFO |