CVE-2008-4541

Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=747
http://secunia.com/advisories/32227	Vendor Advisory
http://securitytracker.com/id?1021038
http://sunsolve.sun.com/search/document.do?assetkey=1-26-242986-1
http://www.securityfocus.com/bid/31691
http://www.vupen.com/english/advisories/2008/2781	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45782
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=747
http://secunia.com/advisories/32227	Vendor Advisory
http://securitytracker.com/id?1021038
http://sunsolve.sun.com/search/document.do?assetkey=1-26-242986-1
http://www.securityfocus.com/bid/31691
http://www.vupen.com/english/advisories/2008/2781	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45782

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sun:java_system_web_proxy_server:4.0:::::::*
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0:sp1::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.1:::::::*
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.1:sp1::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.1:sp2::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.1:sp3::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.1:sp4::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.1:sp5::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.1:sp6::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.2:::::::*
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.2:sp1::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.2:sp2::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.2:sp3::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.2:sp4::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.2:sp5::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.2:sp6::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.3:::::::*
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.3:sp1::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.3:sp2::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.3:sp3::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.3:sp4::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.3:sp5::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.3:sp6::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.4:::::::*
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.4:sp1::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.4:sp2::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.4:sp3::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.4:sp4::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.4:sp5::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.4:sp6::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.5:::::::*
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.5:sp1::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.5:sp2::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.5:sp3::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.5:sp4::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.5:sp5::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.5:sp6::::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.6::hp_ux:::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.6::linux:::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.6::sparc:::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.6::windows:::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.6::x86:::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.7:::::::*
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.7::hp_ux:::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.7::linux:::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.7::sparc:::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.7::windows:::::
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0.7::x86:::::

History

21 Nov 2024, 00:51

Type	Values Removed	Values Added
References	~~() http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=747 -~~	() http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=747 -
References	~~() http://secunia.com/advisories/32227 - Vendor Advisory~~	() http://secunia.com/advisories/32227 - Vendor Advisory
References	~~() http://securitytracker.com/id?1021038 -~~	() http://securitytracker.com/id?1021038 -
References	~~() http://sunsolve.sun.com/search/document.do?assetkey=1-26-242986-1 -~~	() http://sunsolve.sun.com/search/document.do?assetkey=1-26-242986-1 -
References	~~() http://www.securityfocus.com/bid/31691 -~~	() http://www.securityfocus.com/bid/31691 -
References	~~() http://www.vupen.com/english/advisories/2008/2781 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2008/2781 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/45782 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/45782 -

Information

Published : 2008-10-13 20:00

Updated : 2024-11-21 00:51

NVD link : CVE-2008-4541

Mitre link : CVE-2008-4541

CVE.ORG link : CVE-2008-4541

JSON object : View

Products Affected

sun

java_system_web_proxy_server

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

10.0 /10