Sun Java Web Console LibWebconsole_Services.SO Remote Format String

High Nessus Plugin ID 25082


The remote web server is prone to a format string attack.


The remote host is running SUN Java Web Console.

The remote version of this service does not properly sanitize calls to the syslog function. By sending a specially crafted request it is possible to exploit this format string error.
An attacker can exploit it to execute code with the privileges of the web server.


See the vendor's update for information on workarounds and solutions to this issue.

See Also

Plugin Details

Severity: High

ID: 25082

File Name: sun_java_web_console_format_string.nasl

Version: $Revision: 1.23 $

Type: remote

Family: Web Servers

Published: 2007/04/23

Modified: 2013/08/26

Dependencies: 10107, 10267

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:sun:java_web_console

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/04/17

Vulnerability Publication Date: 2007/04/17

Reference Information

CVE: CVE-2007-1681

BID: 23539

OSVDB: 34902