CVE-2007-4025

Unspecified vulnerability in Sun Java System (SJS) Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103000-1	Patch
http://secunia.com/advisories/26187	Patch Vendor Advisory
http://www.securityfocus.com/bid/25058
http://www.securitytracker.com/id?1018452
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201537-1
http://osvdb.org/37250
http://www.vupen.com/english/advisories/2007/2647
https://exchange.xforce.ibmcloud.com/vulnerabilities/35579

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sun:java_system_application_server:8.1::enterprise:::::
	cpe:2.3:a:sun:java_system_application_server:8.1::platform:::::
	cpe:2.3:a:sun:java_system_application_server:8.2::platform:::::
	cpe:2.3:a:sun:java_system_application_server:9.0::platform:::::
	cpe:2.3:a:sun:java_system_application_server:8.1:ur1:platform:::::*
	cpe:2.3:a:sun:java_system_application_server:8.2::enterprise:::::

Information

Published : 2007-07-26 12:30

Updated : 2017-07-28 18:32

NVD link : CVE-2007-4025

Mitre link : CVE-2007-4025

JSON object : View

CWE

NVD-CWE-Other

Products Affected

sun

java_system_application_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103000-1", "name": "103000", "tags": ["Patch"], "refsource": "SUNALERT"}, {"url": "http://secunia.com/advisories/26187", "name": "26187", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/25058", "name": "25058", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1018452", "name": "1018452", "tags": [], "refsource": "SECTRACK"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201537-1", "name": "201537", "tags": [], "refsource": "SUNALERT"}, {"url": "http://osvdb.org/37250", "name": "37250", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2007/2647", "name": "ADV-2007-2647", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35579", "name": "sunjava-windows-source-disclosure(35579)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in Sun Java System (SJS) Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-4025", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-07-26T19:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sun:java_system_application_server:8.1:*:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:java_system_application_server:8.1:*:platform:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:java_system_application_server:8.2:*:platform:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:java_system_application_server:9.0:*:platform:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:java_system_application_server:8.1:ur1:platform:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:java_system_application_server:8.2:*:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-29T01:32Z"}

4.3 /10