Sun Java System Portal Server File Disclosure Vulnerability

-->

  SecPod ID: 10087                                            Status: Public Report
  Sun Java System Portal Server File Disclosure Vulnerability Severity: Medium
                                                              Release Date: 12-12-2008
                                                              CVSS Base Score: 5.0 (AV:N/AC:L/Au:NR/C:P/I:N/A:N)
                                                              CVSS Temporal Score  = 3.7
                                                              Impact Level:  Application

  Affected Software/OS/Device:
  - Sun Java System Portal Server version 7.1 and 7.2 or prior

  OpenVAS Plugin ID:
  Snort Signature ID:
  OVAL ID: 

  Vulnerability Insight:

  Overview:
  Sun Java System Portal Server is prone to File Disclosure Vulnerability.

  Description:
  This flaw is due to an unspecified error which can cause reading servers
  configuration files.

  Impact:
  Successful exploitation will let the attacker gain sensitive information in
  the server configuration directories.

  CVSS Score Report:
      ACCESS_VECTOR = NETWORK
      ACCESS_COMPLEXITY = LOW
      AUTHENTICATION = NOT_REQUIRED
      CONFIDENTIALITY_IMPACT = PARTIAL
      INTEGRITY_IMPACT = NONE
      AVAILABILITY_IMPACT = NONE
      EXPLOITABILITY = UNPROVEN
      REMEDIATION_LEVEL = OFFICIAL_FIX
      REPORT_CONFIDENCE = CONFIRMED
      CVSS Base Score = 5.0 (AV:N/AC:L/Au:NR/C:P/I:N/A:N) 
      CVSS Temporal Score = 3.7
      Risk factor = Medium

  Fix:
  Apply the security patches,
  http://sunsolve.sun.com/search/document.do?assetkey=1-66-243886-1

  References: 
  http://secunia.com/advisories/33120
Home Corporate Resources Report Security Bug Diary