CVE-2010-0272
https://notcve.org/view.php?id=CVE-2010-0272
Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to discover process memory locations via crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
• http://intevydis.com/sjws_demo.html http://www.intevydis.com/blog/?p=102 https://exchange.xforce.ibmcloud.com/vulnerabilities/55527
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0273
https://notcve.org/view.php?id=CVE-2010-0273
Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
• http://intevydis.com/sjws_demo.html http://www.intevydis.com/blog/?p=102
CVE-2009-3878
https://notcve.org/view.php?id=CVE-2009-3878
Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
• http://intevydis.com/vd-list.shtml http://secunia.com/advisories/37115 http://www.h-online.com/security/news/item/Alleged-critical-vulnerability-in-Sun-Java-System-Web-Server-839598.html http://www.intevydis.com/blog/?p=79 http://www.osvdb.org/59497 http://www.vupen.com/english/advisories/2009/3024 https://exchange.xforce.ibmcloud.com/vulnerabilities/54065
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2712
https://notcve.org/view.php?id=CVE-2009-2712
Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files.
• http://osvdb.org/56815 http://secunia.com/advisories/36169 http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-16-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-256668-1 http://www.securityfocus.com/bid/35963 http://www.vupen.com/english/advisories/2009/2177
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2009-2713
https://notcve.org/view.php?id=CVE-2009-2713
The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.
• http://secunia.com/advisories/36167 http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-255968-1 http://www.securityfocus.com/bid/35961 http://www.vupen.com/english/advisories/2009/2176