Lucene search

[email protected]CVE-2010-3544

HistoryOct 14, 2010 - 6:00 p.m.

CVE-2010-3544

2010-10-1418:00:17

[email protected]

web.nvd.nist.gov

cve-2010-3544

oracle

iplanet web server

sun java system web server

vulnerability

remote attackers

administration

cross-site request forgery

csrf

stop instance

management console

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

5.7 Medium

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.6%

JSON

Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect integrity and availability via unknown vectors related to Administration. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable source that this is cross-site request forgery (CSRF) that allows remote attackers to stop an instance via the management console.

Affected configurations

NVD

Node

oraclesun_products_suiteMatch7.0

CPENameOperatorVersion
oracle:sun_products_suiteoracle sun products suiteeq7.0

CPE	Name	Operator	Version
oracle:sun_products_suite	oracle sun products suite	eq	7.0

References

jvn.jp/en/jp/JVN50133036/index.html

jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000042.html

www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

www.us-cert.gov/cas/techalerts/TA10-287A.html

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

5.7 Medium

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.6%

JSON

Related for CVE-2010-3544

prion1 jvn1 cvelist1 nvd1 openvas2 nessus1 securityvulns2 oracle1