CVE-2003-0412
CVSS 5.0
Published: 2003-06-30 00:00:00
Last modified: 2016-10-17 22:33:42

[Original] Sun ONE Application Server 7.0 for Windows 2000/XP does not log the complete URI of a long HTTP request, which could allow remote attackers to hide malicious activities.


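[CNNVD] Sun One Application Server request logging bypass vulnerability (CNNVD-200306-119)

        Sun ONE Application Server 7.0 on Windows 2000/XP does not log the complete URI of an overly long HTTP request; a remote attacker can exploit this vulnerability to hide malicious activity.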

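- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

No related OVAL definitions found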

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0412
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0412
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200306-119
(official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=105409846029475&w=2
(UNKNOWN)  BUGTRAQ  20030526 Multiple Vulnerabilities in Sun-One Application Server
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity
(VENDOR_ADVISORY)  SUNALERT  55221
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1
(UNKNOWN)  SUNALERT  1000610
http://www.ciac.org/ciac/bulletins/n-103.shtml
(VENDOR_ADVISORY)  CIAC  N-103
http://www.securityfocus.com/bid/7711
(VENDOR_ADVISORY)  BID  7711
http://www.spidynamics.com/sunone_alert.html
(UNKNOWN)  MISC  http://www.spidynamics.com/sunone_alert.html

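- Vulnerability information

Sun One Application Server request logging bypass vulnerability
Medium risk  Design error
2003-06-30 00:00:00 2005-10-20 00:00:00
Remote
        Sun ONE Application Server 7.0 on Windows 2000/XP does not log the complete URI of an overly long HTTP request; a remote attacker can exploit this vulnerability to hide malicious activity.

- Advisories and patches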

        The vendor has stated that this issue will be addressed with Sun ONE Application Server 7.0 Update Release 2.
        Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .
        Sun ONE Application Server 7.0 Platform Edition
        
        Sun ONE Application Server 7.0 UR1 Platform Edition
        
        Sun ONE Application Server 7.0 Standard Edition
        
        Sun ONE Application Server 7.0 UR1 Standard Edition
        

- Vulnerability information

11641
Sun ONE Application Server Long URI Request Logging Failure

- Vulnerability description

Unknown or Incomplete

- Timeline

2003-05-26 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Sun One Application Server Request Logging Circumvention Weakness
Design Error 7711
Yes No
2003-05-27 12:00:00 2009-07-11 10:06:00
Discovery credited to "SPI Labs" <spilabs@spidynamics.com>.

- Affected versions

Sun ONE Application Server 7.0 UR1 Standard Edition
Sun ONE Application Server 7.0 UR1 Platform Edition
Sun ONE Application Server 7.0 Standard Edition
Sun ONE Application Server 7.0 Platform Edition
Sun ONE Application Server 7.0 UR2 Standard Edition
Sun ONE Application Server 7.0 UR2 Platform Edition

- Unaffected versions

Sun ONE Application Server 7.0 UR2 Standard Edition
Sun ONE Application Server 7.0 UR2 Platform Edition

- Discussion

It has been reported that Sun ONE Application Server may not properly log requests under some circumstances. Because of this, an attacker may be able to obscure attacks from the view of administrators.

It has been reported that this problem affects Sun ONE Application Server on Microsoft Windows platforms. Versions prior to 7.0 may also be affected, but this has not been confirmed.

- Exploit

This weakness may be exploited with a web browser.

- Solution

The vendor has stated that this issue will be addressed with Sun ONE Application Server 7.0 Update Release 2.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.


Sun ONE Application Server 7.0 Platform Edition

Sun ONE Application Server 7.0 UR1 Platform Edition

Sun ONE Application Server 7.0 Standard Edition

Sun ONE Application Server 7.0 UR1 Standard Edition

- Related references
