CVE-2007-1681
https://notcve.org/view.php?id=CVE-2007-1681
Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog.
• http://osvdb.org/34902
• http://secunia.com/advisories/24927
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1
• http://www.nruns.com/security_advisory_sun_java_format_string.php
• http://www.securityfocus.com/archive/1/466048/100/0/threaded
• http://www.securityfocus.com/bid/23539
• http://www.securitytracker.com/id?1017930
• http://www.vupen.com/english/advisories/2007/1443
• https://exchange.xforce.ibmcloud.com/vulnerabilities/33731
• https://oval.cisecurity.org/repository/
CVE-2006-4175
https://notcve.org/view.php?id=CVE-2006-4175
The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service (crash) via malformed queries, probably malformed BER queries, which trigger a free of uninitialized memory locations.
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=491
• http://secunia.com/advisories/24634
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-102853-1
• http://www.osvdb.org/33524
• http://www.securityfocus.com/bid/23117
• http://www.securitytracker.com/id?1017814
• http://www.vupen.com/english/advisories/2007/1090
• https://exchange.xforce.ibmcloud.com/vulnerabilities/33189
• CWE-824: Access of Uninitialized Pointer
CVE-2007-1526
https://notcve.org/view.php?id=CVE-2007-1526
Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via unspecified vectors.
• http://osvdb.org/34074
• http://secunia.com/advisories/24531
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-102822-1
• http://www.securitytracker.com/id?1017777
• http://www.vupen.com/english/advisories/2007/0958
CVE-2007-1488
https://notcve.org/view.php?id=CVE-2007-1488
Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to data", possibly involving a sample application.
• http://osvdb.org/34080
• http://secunia.com/advisories/24545
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-102833-1
• http://www.securityfocus.com/bid/22993
• http://www.securitytracker.com/id?1017788
• http://www.vupen.com/english/advisories/2007/0972
• https://exchange.xforce.ibmcloud.com/vulnerabilities/33016
CVE-2007-1419
https://notcve.org/view.php?id=CVE-2007-1419
The Java Management Extensions Remote API Remote Method Invocation over Internet Inter-ORB Protocol (JMX RMI-IIOP) API in Java Dynamic Management Kit 5.1 before 20070309 does not properly enforce the java.policy, which allows local users to obtain certain MBeans data access by operating a server application accessed by a privileged remote authenticated user.
• http://osvdb.org/34018
• http://secunia.com/advisories/24497
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-102835-1
• http://www.securityfocus.com/bid/22907
• http://www.securitytracker.com/id?1017745
• http://www.vupen.com/english/advisories/2007/0906