CVE-2008-1286

Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1	Patch
http://www.securityfocus.com/bid/28155	Patch
http://secunia.com/advisories/29290	Vendor Advisory
http://www.securitytracker.com/id?1019574
http://www.vupen.com/english/advisories/2008/0806/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41069

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:sun:solaris:9::x86:::::
	cpe:2.3:o:sun:solaris:10::x86:::::
	cpe:2.3:o:sun:solaris:8::sparc:::::
	cpe:2.3:o:sun:solaris:8::x86:::::
	cpe:2.3:o:sun:solaris:9::sparc:::::
	cpe:2.3:o:sun:solaris:10::sparc:::::

OR	cpe:2.3:a:sun:java_web_console:3.0.4:::::::*
	cpe:2.3:a:sun:java_web_console:3.0.2:::::::*
	cpe:2.3:a:sun:java_web_console:3.0.3:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

cpe:2.3:a:sun:java_web_console:3.0.2:*:*:*:*:*:*:*

Information

Published : 2008-03-11 10:44

Updated : 2017-08-07 18:30

NVD link : CVE-2008-1286

Mitre link : CVE-2008-1286

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

sun

java_web_console
solaris

linux

linux_kernel

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1", "name": "231526", "tags": ["Patch"], "refsource": "SUNALERT"}, {"url": "http://www.securityfocus.com/bid/28155", "name": "28155", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/29290", "name": "29290", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securitytracker.com/id?1019574", "name": "1019574", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2008/0806/references", "name": "ADV-2008-0806", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41069", "name": "sun-javawebconsole-information-disclosure(41069)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-1286", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-03-11T17:44Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:sun:solaris:9:*:x86:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:sun:solaris:10:*:x86:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:sun:solaris:8:*:sparc:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:sun:solaris:8:*:x86:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:sun:solaris:9:*:sparc:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:sun:solaris:10:*:sparc:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sun:java_web_console:3.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:java_web_console:3.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:java_web_console:3.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sun:java_web_console:3.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-08T01:30Z"}

7.8 /10