Intrusion Prevention

Sun.Solaris.JavaWebConsole.Format.String

Description

There is a format string vulnerability in Sun Solaris and Java Web Console. The vulnerability may occur when calling the "syslog()" function to log a failed login attempt. It may be exploited to execute arbitrary code by sending malformed authentication data.

Affected Products

Sun Solaris 10 prior to 11/06
Sun Java Web Console versions 2.2.2 through 2.2.5.

Impact

System compromise: remote code execution.

Recommended Actions

Update to Sun Java Web Console version 2.2.6 or apply patches.
Sun Java Web Console 2.2.6:
http://www.sun.com/download/products.xml?id=461d58be
Sun Solaris 10, SPARC platform:
Apply patch 121211-02.
Sun Solaris 10, x86 platform:
Apply patch 121212-02.

Coverage

IPS (Regular DB)
IPS (Extended DB)

ID	14491
Created	Oct 23, 2007
Updated	Apr 17, 2023
Risk
CVE ID	CVE-2007-1681
Exploit Prediction Score	8.4%
Default Action	drop
Active
Affected OS	Solaris
Affected App	SUN

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Intrusion Prevention

Sun.Solaris.JavaWebConsole.Format.String

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Intrusion Prevention

Sun.Solaris.JavaWebConsole.Format.String

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

Threat Intelligence
Center