Executive Summary
Summary | |
---|---|
Title | Sun Alert 240506 Security Vulnerabilities in Sun Ray Server Software and Sun Ray Windows Connector May Compromise the Sun Ray Administration Password |
Informations | |||
---|---|---|---|
Name | SUN-240506 | First vendor Publication | 2008-12-05 |
Vendor | Sun | Last vendor Modification | 2010-01-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 3.1 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Sun Ray Server Software 3.0, Sun Ray Server Software 4.0, Sun Ray Connector for Windows Operating Systems 1.1, Sun Ray Connector for Windows Operating Systems 2.0 Security vulnerabilities in Sun Ray Server Software and Sun Ray WindowsConnector may allow a local unprivileged user to gain access to the SunRay administration password while the software products are beingconfigured. This would in turn allow unauthorized remote access to theSun Ray Data Store and unauthorized access to the Sun RayAdministration GUI as the built-in 'admin' user. State: Resolved First released: 05-Dec-2008 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_240506_security_vulnerabilities |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
51176 | Sun Ray Server Software (SRSS) utconfig Configuration Process LDAP Password L... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-12-17 | Name : The remote host is missing Sun Security Patch number 127553-08 File : solaris10_127553.nasl - Type : ACT_GATHER_INFO |
2008-12-17 | Name : The remote host is missing Sun Security Patch number 127556-05 File : solaris10_127556.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 120879-08 File : solaris10_120879.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 118979-04 File : solaris8_118979.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 120879-08 File : solaris8_120879.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 118979-04 File : solaris9_118979.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 120879-08 File : solaris9_120879.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2013-02-06 19:08:18 |
|