Lucene search

[email protected]CVE-2009-3878

HistoryNov 05, 2009 - 4:30 p.m.

CVE-2009-3878

2009-11-0516:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2009-3878

buffer overflow

sun java system web server

remote attack vectors

vulnerability

6.8 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

70.2%

JSON

Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

Affected configurations

NVD

Node

intevydisvulndisco_packMatch8.12pro

AND

sunjava_system_web_serverMatch7.0update_6

CPENameOperatorVersion
sun:java_system_web_serversun java system web servereq7.0

CPE	Name	Operator	Version
sun:java_system_web_server	sun java system web server	eq	7.0

References

intevydis.com/vd-list.shtml

secunia.com/advisories/37115

www.h-online.com/security/news/item/Alleged-critical-vulnerability-in-Sun-Java-System-Web-Server-839598.html

www.intevydis.com/blog/?p=79

www.osvdb.org/59497

www.vupen.com/english/advisories/2009/3024

exchange.xforce.ibmcloud.com/vulnerabilities/54065

6.8 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

70.2%

JSON

Related for CVE-2009-3878

prion1 openvas4 cvelist1 nvd1