Sun JavaServer Default Admin Password

high Nessus Plugin ID 10995

Synopsis

The remote web server uses a default set of administrative credentials.

Description

The remote host is running the Sun JavaServer. This server has the default username and password of admin. An attacker can use this to gain complete control over the web server configuration and possibly execute commands.

Solution

Set the web administration interface to require a password. For more information please consult the documentation located in the /system/ directory of the web server.

Plugin Details

Severity: High

ID: 10995

File Name: DDI_JavaServer_Default.nasl

Version: 1.15

Type: remote

Family: CGI abuses

Published: 6/5/2002

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 9/12/2002

Exploitable With

Metasploit (SNMP Community Scanner)

Reference Information

CVE: CVE-1999-0508