CVE-2007-2881

Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=536	Patch
http://osvdb.org/35841
http://secunia.com/advisories/25405
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102927-1	Patch
http://www.kb.cert.org/vuls/id/746889	US Government Resource
http://www.securityfocus.com/bid/24165
http://www.securitytracker.com/id?1018130
http://www.vupen.com/english/advisories/2007/1957
https://exchange.xforce.ibmcloud.com/vulnerabilities/34524

Configurations

Configuration 1 (hide)

cpe:2.3:a:sun:java_system_web_proxy_server:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-05-29 20:30

Updated : 2023-12-10 10:40

NVD link : CVE-2007-2881

Mitre link : CVE-2007-2881

CVE.ORG link : CVE-2007-2881

JSON object : View

Products Affected

sun

java_system_web_proxy_server

CWE

NVD-CWE-Other

{"id": "CVE-2007-2881", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-05-29T20:30:00.000", "references": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=536", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/35841", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25405", "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102927-1", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/746889", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24165", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018130", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1957", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34524", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basado en pila en el soporte de proxy SOCKS (sockd) en Sun Java Web Proxy Server anterior a 4.0.5 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante paquetes manipulados durante la negociaci\u00f3n del protocolo."}], "lastModified": "2017-07-29T01:31:48.830", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60F4D3BE-B872-4807-A16E-869763DF27EC", "versionEndIncluding": "4.0.4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}