Information Disclosure in Sun Java System Access Manager
CVE-2007-3700

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Access Manager
Vendor: CVE Published:; 11 July 2007

What is CVE-2007-3700?

The Sun Java System Access Manager prior to the update released on July 10, 2007, is configured to log cleartext passwords when the message debug level is set in the AMConfig.properties file. This misconfiguration can allow local users to read sensitive information, specifically cleartext login credentials, from the debug logs located at /var/opt/SUNWam/debug/amAuth. This information disclosure issue poses a significant threat as it may enable unauthorized users to gain elevated privileges within the system.

References

http://www.securityfocus.com/bid/24859

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2007/2496

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/26030

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2007
Vulnerability Reserved
Jul 11, 2007

Oracle

What is CVE-2007-3700?

References

Timeline