CVE-2007-3700

LOW

Description

Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth.

References

http://osvdb.org/37249

http://secunia.com/advisories/26030

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101918-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200386-1

http://www.securityfocus.com/bid/24859

http://www.securitytracker.com/id?1018370

http://www.vupen.com/english/advisories/2007/2496

https://exchange.xforce.ibmcloud.com/vulnerabilities/35339

Details

Source: MITRE

Published: 2007-07-11

Updated: 2017-07-29

Risk Information

CVSS v2.0

Base Score: 1.7

Vector: AV:L/AC:L/Au:S/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.1

Severity: LOW