CVE-2007-3700

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Access Manager
Vendor: CVE Published:; 11 July 2007

Summary

Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth.

References

http://www.securityfocus.com/bid/24859

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2007/2496

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/26030

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jul 11, 2007
Vulnerability Reserved
Jul 11, 2007