[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248678

 
 

909

 
 

195426

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2004-1354Date: (C)2004-05-14   (M)2023-12-22


The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) attack.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
BID-10349
SECUNIA-11616
SUNALERT-57559
OSVDB-6119
BID-8873
ESB-2004.0347
http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-sun/2003-10/0032.html
http://spoofed.org/files/text/solaris-smc-advisory.txt
oval:org.mitre.oval:def:1482
smc-dotdot-directory-traversal(16146)

CPE    1
cpe:/o:sun:sunos:5.8
CWE    1
CWE-22

© SecPod Technologies