Detections
Analytics

Sun Java Web Console LibWebconsole_Services.SO Remote Format String

high Nessus Plugin ID 25082

Language:

Synopsis

The remote web server is prone to a format string attack.

Description

The remote host is running SUN Java Web Console.

The remote version of this service does not properly sanitize calls to the syslog function. By sending a specially crafted request it is possible to exploit this format string error.
An attacker can exploit it to execute code with the privileges of the web server.

Solution

See the vendor's update for information on workarounds and solutions to this issue.

See Also

https://piratebay-proxies.com/best-internet-security/

http://www.nessus.org/u?49b94d2d

Plugin Details

Severity: High

ID: 25082

File Name: sun_java_web_console_format_string.nasl

Version: 1.25

Type: remote

Family: Web Servers

Published: 4/23/2007

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:sun:java_web_console

Exploit Ease: No known exploits are available

Patch Publication Date: 4/17/2007

Vulnerability Publication Date: 4/17/2007

Reference Information

CVE: CVE-2007-1681

BID: 23539