850 matches found
Sun Java系统访问管理器多个安全漏洞
BUGTRAQ ID: 25842 Sun Java系统访问管理器是一个安全单点登录、认证、授权解决方案。 Sun Java系统访问管理器实现上存在多个漏洞,远程攻击者可能利用这些漏洞实现非授权访问。 如果在Sun Java系统应用服务器9.1容器中安装了Sun Java系统访问管理器7.1且重启了容器,就不会显示认证屏。任何基于认证使用容器的应用程序都无法正确运行,因为任何用户都会未经认证便给予访问。这可能导致非特权的非管理用户执行管理任务,例如,管理控制台在访问这个应用时不再提示用户进行认证。因此,任何用户无论是否拥有管理权限,都可以管理应用服务器。 在Sun...
Code injection
Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors...
Authentication flaw
Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks...
CVE-2007-5153
Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2007-5152
Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks...
CVE-2007-5152
Summary: CVE-2007-5152 affects Sun Java System Access Manager 7.1 when installed in a Sun Java System Application Server 9.1 container. The issue is that authentication is not required after a container restart, enabling remote attackers to perform administrative tasks. The vulnerability is evide...
CVE-2007-5153
Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2007-5153
Technical details about CVE-2007-5153 are not publicly available in the provided documents; affected products, impact, and remediation specifics are not disclosed. Monitor for updates from official sources.
JSPWiki Multiple Vulnerabilities
Application: JSPWiki Multiple Vulnerabilities Version: 2.4.103 and 2.5.139 Credit: Jason Kratzer Date: 9/24/2007 Background ------------------------------------------------------------ JSPWiki is wiki software built around the standard J2EE components of Java, servlets and JSP. It was written by...
Update Protection against Sun Microsystems Java System Web Proxy sockd Daemon Buffer Overflow Vulnerability
A buffer overflow vulnerability has been reported in the Java System Web Proxy sockd daemon. Java System Web Proxy Server collects and distributes data from the network. It provides protocol support for SOCKS - an Internet protocol that allows client-server applications to transparently use the...
CVE-2007-4289
The connected records indicate CVE-2007-4289 is related to improper handling of XSLT stylesheets in XML signatures, affecting Sun Java System Access Manager 6.3–7.1 and Sun Java System Identity Server 6.1–6.2, where crafted XSLT transforms could allow context-dependent attackers to execute arbitr...
Crlf injection
CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function SAF uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote...
CVE-2007-4164
CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function SAF uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote...
CVE-2007-4164
CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function SAF uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote...
CVE-2007-4164
CVE-2007-4164 affects Sun Java System Web Server 6.1 and 7.0; CRLF injection in the redirect SAF when url-prefix is used (escape disabled) or Error directive uses url-prefix in obj.conf, enabling remote HTTP header injection/response splitting. Affected products require patches: Web Server 6.1 pa...
CVE-2007-4025
Unspecified vulnerability in Sun Java System SJS Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors...
Code injection
Unspecified vulnerability in Sun Java System SJS Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors...
CVE-2007-4025
Unspecified vulnerability in Sun Java System SJS Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors...
Sun Java System Access Manager密码信息泄露漏洞
Sun Java System Access Manager是一款为企业提供了身份联合方面的一个可互操作、基于标准的强大验证和授权解决方案。 Sun Java System Access Manager存在设计错误,本地攻击者可以利用漏洞获得用户密码敏感信息。 当在Sun Java System Access Manager的调试级别如果设置为"message",登录密码会以明文方式记录,因此本地非特权用户可读取。 Sun Java System Access Manager 6.2 2004Q2 Solaris x Sun Java System Access Manager 6.2...
Sun Java System Server XSLT处理远程Java方法执行漏洞
BUGTRAQ ID: 24850 CNCAN ID:CNCAN-2007071110 Sun Java System Application Server和Sun Java System Web Server是应用服务程序和WEB服务程序。 Sun Java System Application Server和Sun Java System Web Server不正确处理XML签名中的XSLT传送中包含的XSLT样式表单,远程攻击者可以利用漏洞执行任意Java方法。 Sun Java System Web Server 7.0 Sun Java System Application...