CVE-2007-2881

Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=536	Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102927-1	Patch
http://www.kb.cert.org/vuls/id/746889	US Government Resource
http://www.securityfocus.com/bid/24165
http://www.securitytracker.com/id?1018130
http://secunia.com/advisories/25405
http://www.vupen.com/english/advisories/2007/1957
http://osvdb.org/35841
https://exchange.xforce.ibmcloud.com/vulnerabilities/34524

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:sun:java_system_web_proxy_server:*:*:*:*:*:*:*:*

Information

Published : 2007-05-29 13:30

Updated : 2017-07-28 18:31

NVD link : CVE-2007-2881

Mitre link : CVE-2007-2881

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

sun

java_system_web_proxy_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=536", "name": "20070525 Sun Java System Web Proxy Multiple Buffer Overflow Vulnerabilities", "tags": ["Patch"], "refsource": "IDEFENSE"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102927-1", "name": "102927", "tags": ["Patch"], "refsource": "SUNALERT"}, {"url": "http://www.kb.cert.org/vuls/id/746889", "name": "VU#746889", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/bid/24165", "name": "24165", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1018130", "name": "1018130", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/25405", "name": "25405", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2007/1957", "name": "ADV-2007-1957", "tags": [], "refsource": "VUPEN"}, {"url": "http://osvdb.org/35841", "name": "35841", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34524", "name": "sun-java-web-socks-bo(34524)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-2881", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-05-29T20:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sun:java_system_web_proxy_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.0.4"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-29T01:31Z"}