CVSS: 10.0EPSS: 9%CPEs: 48EXPL: 0CVE-2008-4541
https://notcve.org/view.php?id=CVE-2008-4541
Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. Un desbordamiento de búfer en la región heap de la memoria en el subsistema FTP en Sun Java System Web Proxy Server versiones 4.0 hasta 4.0.7, permite a los atacantes remotos ejecutar código arbitrario por medio de una petición GET de HTTP diseñada. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=747 http://secunia.com/advisories/32227 http://securitytracker.com/id?1021038 http://sunsolve.sun.com/search/document.do?assetkey=1-26-242986-1 http://www.securityfocus.com/bid/31691 http://www.vupen.com/english/advisories/2008/2781 https://exchange.xforce.ibmcloud.com/vulnerabilities/45782 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 1%CPEs: 30EXPL: 0CVE-2008-3683
https://notcve.org/view.php?id=CVE-2008-3683
Unspecified vulnerability in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.5 before SP6 allows remote attackers to cause a denial of service (failure to accept connections) via unknown vectors, probably related to exhaustion of file descriptors. Una vulnerabilidad sin especificar en el subsistema de FTP en Sun Java System Web Proxy Server 4.0.5 antes de SP6 permite a atacantes remotos provocar una denegación de servicio (fallo al aceptar conexiones) a través de vectores desconocidos, probablemente relacionados con el agotamiento de los descriptores de ficheros. • http://secunia.com/advisories/31476 http://sunsolve.sun.com/search/document.do?assetkey=1-26-240327-1 http://www.securityfocus.com/bid/30671 http://www.securitytracker.com/id?1020696 http://www.vupen.com/english/advisories/2008/2366 https://exchange.xforce.ibmcloud.com/vulnerabilities/44413 •
CVSS: 10.0EPSS: 14%CPEs: 2EXPL: 0CVE-2008-3551
https://notcve.org/view.php?id=CVE-2008-3551
Multiple unspecified vulnerabilities in Sun Java Platform Micro Edition (aka Java ME, J2ME, or mobile Java), as distributed in Sun Wireless Toolkit 2.5.2, allow remote attackers to execute arbitrary code via unknown vectors. NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a company led by a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Múltiples vulnerabilidades no especificadas en Sun Java Platform Micro Edition (también conocido como Java ME, J2ME, o mobile Java), como lo distribuido enSun Wireless Toolkit 2.5.2, permiten a atacantes remotos ejecutar código de su elección a través de vectores no especificados. NOTA: a fecha 07/08/2008, la única revelación es un vago preaviso sin información de uso inmediato. Sin embargo, dado que proviene de un investigador reputado, se le ha asignado un identificador CVE con propósito de seguimiento. • http://www.security-explorations.com/n2press.htm http://www.security-explorations.com/n2srp.htm http://www.security-explorations.com/n2vendors.htm http://www.security-explorations.com/report_toc.pdf http://www.securityfocus.com/archive/1/495224/100/0/threaded http://www.securityfocus.com/bid/30591 https://exchange.xforce.ibmcloud.com/vulnerabilities/44478 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2008-3440
https://notcve.org/view.php?id=CVE-2008-3440
Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. Sun Java versión 1.6.0_03 y anteriores, y posiblemente versiones posteriores, no comprueba apropiadamente la autenticidad de las actualizaciones, lo que permite a los atacantes de tipo man-in-the-middle ejecutar código arbitrario por medio de una actualización de tipo caballo de Troya, como es demostrado por evilgrade y Envenenamiento de caché DNS. • http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html http://securitytracker.com/id?1020584 http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2008-3425
https://notcve.org/view.php?id=CVE-2008-3425
Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System (SPS) 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors. Vulnerabilidad sin especificar en el Plugin Sun Java System Web Server 7.0 de Sun N1 Service Provisioning System (SPS) 5.2 y 6.0, permite a los usuarios remotos autenticados de SPS obtener acceso administrativo al web server a través de vectores de ataque desconocidos. • http://secunia.com/advisories/31301 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239566-1 http://www.securityfocus.com/bid/30451 http://www.securitytracker.com/id?1020608 http://www.vupen.com/english/advisories/2008/2261/references https://exchange.xforce.ibmcloud.com/vulnerabilities/44114 • CWE-287: Improper Authentication •