Описание
Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sun:java_web_console:2.2.2:*:x86:*:*:*:*:*
cpe:2.3:a:sun:java_web_console:2.2.3:*:x86:*:*:*:*:*
cpe:2.3:a:sun:java_web_console:2.2.4:*:x86:*:*:*:*:*
cpe:2.3:a:sun:java_web_console:2.2.5:*:x86:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*
cpe:2.3:o:sun:solaris:10.0:hw2:*:*:*:*:*:*
Конфигурация 3
Одно из
cpe:2.3:a:sun:java_web_console:2.2.2:*:x86:*:*:*:*:*
cpe:2.3:a:sun:java_web_console:2.2.3:*:x86:*:*:*:*:*
cpe:2.3:a:sun:java_web_console:2.2.4:*:x86:*:*:*:*:*
cpe:2.3:a:sun:java_web_console:2.2.5:*:x86:*:*:*:*:*
EPSS
Процентиль: 90%
0.05106
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog.
EPSS
Процентиль: 90%
0.05106
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other