CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2007-5152
https://notcve.org/view.php?id=CVE-2007-5152
Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks. Sun Java System Access Manager 7.1, cuando se instala en un contenedor Sun Java System Application Server 9.1, no requiere la autentificación después del reinicio del contenedor, el cual permite a atatacantes remotos realizar tareas administrativas. • http://osvdb.org/37758 http://secunia.com/advisories/26976 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103069-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200839-1 http://www.securityfocus.com/bid/25842 http://www.securitytracker.com/id?1018753 http://www.vupen.com/english/advisories/2007/3282 https://exchange.xforce.ibmcloud.com/vulnerabilities/36846 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 82%CPEs: 4EXPL: 2CVE-2007-5019 – Sun jre1.6.0_X - isInstalled.dnsResolve Function Overflow
https://notcve.org/view.php?id=CVE-2007-5019
Buffer overflow in the Sun Java Web Start ActiveX control in Java Runtime Environment (JRE) 1.6.0_X allows remote attackers to have an unknown impact via a long argument to the dnsResolve (isInstalled.dnsResolve) method. Desbordamiento de búfer en el control ActiveX Sun Java Web Start del Java Runtime Environment (JRE) 1.6.0_X permite a atacantes remotos tener un impacto desconocido a través del uso de un argumento largo en el método dnsResolve (isInstalled.dnsResolve) • https://www.exploit-db.com/exploits/4432 http://osvdb.org/38297 http://www.securityfocus.com/bid/25734 https://exchange.xforce.ibmcloud.com/vulnerabilities/36682 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 14%CPEs: 1EXPL: 0CVE-2007-4511
https://notcve.org/view.php?id=CVE-2007-4511
The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply certain configuration changes persistently, which causes the (1) SSL and (2) SSL_MutualAuth ORB listener services to enable all protocols and ciphers after the services are restarted, possibly allowing remote attackers to bypass intended policy. La consola Sun Admin en Sun Application Server 9.0_0.1 no aplica ciertos cambios de configuración persistentes, lo cual provoca que los servicios de escucha (1) SSL y (2) SSL_MutualAuth ORB a habilitados, todos los protocolos y códigos son reiniciados, posiblemente llevandose a cabo ataques remotos evitando las políticas de validación. • http://osvdb.org/45828 http://www.securityfocus.com/archive/1/477315/100/0/threaded http://www.securityfocus.com/bid/25400 https://exchange.xforce.ibmcloud.com/vulnerabilities/36169 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4289
https://notcve.org/view.php?id=CVE-2007-4289
Sun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715. El Sun Java System Portal Server 7.0 no procesa correctamente las hojas de estilo XSLT en las transformaciones XSLT de las firmas XSLT, lo que permite a atacantes depedientes del contexto, ejecutar métodos Java de su elección a través de hojas de estilo modificadas. Vulnerabilidad relacionada con la CVE-2007-3715. • http://secunia.com/advisories/26327 http://securitytracker.com/id?1018513 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103015-1 http://www.isecpartners.com/advisories/2007-04-dsig.txt http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf http://www.securityfocus.com/archive/1/473553/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/35811 •
CVSS: 7.5EPSS: 3%CPEs: 9EXPL: 0CVE-2007-4164
https://notcve.org/view.php?id=CVE-2007-4164
CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. Vulnerabilidad de inyección CRLF (retorno de carro y nueva línea) en la funcionalidad de redirección de Sun Java System Web SErver 6.1 y 7.0 anterior al 02/08/2007, cuando la Función de Aplicación de Servidor (SAF) redirect usa el parámetro url-prefix y escape está deshabilitado, o una directiva de Error usa el parámetro url-prefix en obj.conf, permite a atacantes remotos inyectar cabeceras HTTP de su elección y llevar a cabo ataques de división de respuesta HTTP. • http://secunia.com/advisories/26326 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103003-1 http://www.securityfocus.com/bid/25190 http://www.securitytracker.com/id?1018504 http://www.vupen.com/english/advisories/2007/2766 https://exchange.xforce.ibmcloud.com/vulnerabilities/35783 •