CVE-2007-3700

high

Description

Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/35339

http://www.vupen.com/english/advisories/2007/2496

http://www.securitytracker.com/id?1018370

http://www.securityfocus.com/bid/24859

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200386-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101918-1

http://secunia.com/advisories/26030

http://osvdb.org/37249

Details

Source: Mitre, NVD

Published: 2007-07-11

Updated: 2017-07-29

Risk Information

CVSS v2

Base Score: 1.7

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High