CVE-2008-4747 - OpenCVE

Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Sun	Java Access Manager Java System Ldap Jdk

Configuration 1 [-]

AND

OR	cpe:2.3:a:sun:java_system_ldap_jdk::unknown:linux:::::
	cpe:2.3:a:sun:java_system_ldap_jdk::unknown:sparc:::::
	cpe:2.3:a:sun:java_system_ldap_jdk::unknown:x86:::::

OR	cpe:2.3:a:sun:java_access_manager:6:2005q1::::::
	cpe:2.3:a:sun:java_access_manager:7:2005q4::::::
	cpe:2.3:a:sun:java_access_manager:7.1:::::::*

References

Link	Resource
http://secunia.com/advisories/32327	Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-242246-1	Patch
http://www.securityfocus.com/bid/31905
http://www.securitytracker.com/id?1021103
http://www.vupen.com/english/advisories/2008/2916
https://exchange.xforce.ibmcloud.com/vulnerabilities/46074

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-10-27T19:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2008-10-27T00:00:00

Link: CVE-2008-4747

JSON object: View

NVD Information

Status : Modified

Published: 2008-10-27T20:00:01.647

Modified: 2017-08-08T01:32:53.217

Link: CVE-2008-4747

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-10-23T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2008-2916", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2916"}, {"name": "31905", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31905"}, {"name": "32327", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32327"}, {"name": "1021103", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021103"}, {"name": "javasystem-ldapjdk-search-info-disclosure(46074)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46074"}, {"name": "242246", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-242246-1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4747", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2008-2916", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2916"}, {"name": "31905", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31905"}, {"name": "32327", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32327"}, {"name": "1021103", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021103"}, {"name": "javasystem-ldapjdk-search-info-disclosure(46074)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46074"}, {"name": "242246", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-242246-1"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4747", "datePublished": "2008-10-27T19:00:00", "dateReserved": "2008-10-27T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sun:java_system_ldap_jdk:*:unknown:linux:*:*:*:*:*", "matchCriteriaId": "B46CA181-A0B3-40FA-A5DE-166CE5162521", "versionEndIncluding": "4.19", "vulnerable": false}, {"criteria": "cpe:2.3:a:sun:java_system_ldap_jdk:*:unknown:sparc:*:*:*:*:*", "matchCriteriaId": "37EF57D7-1BB2-4E71-A787-6A9AFE34DF92", "versionEndIncluding": "4.19", "vulnerable": false}, {"criteria": "cpe:2.3:a:sun:java_system_ldap_jdk:*:unknown:x86:*:*:*:*:*", "matchCriteriaId": "13E65DCD-A796-4F50-A80F-8A5528598D7E", "versionEndIncluding": "4.19", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:sun:java_access_manager:6:2005q1:*:*:*:*:*:*", "matchCriteriaId": "B4B0ABF7-C898-4643-9A6B-7A58BC0003D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_access_manager:7:2005q4:*:*:*:*:*:*", "matchCriteriaId": "116D1FC8-4360-400C-8F38-E9EE3F4F6480", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_access_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE2CCD34-D8C6-4C67-9BA2-9E4B0984EF1C", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library."}, {"lang": "es", "value": "Vulnerabilidad no especificada en la caracter\u00edstica de b\u00fasqueda de Sun Java System LDAP JDK anterior a v4.20; permite a atacantes dependientes del contexto obtener informaci\u00f3n sensible a trav\u00e9s de vectores de ataque desconocidos relacionados con la biblioteca LDAP JDK."}], "id": "CVE-2008-4747", "lastModified": "2017-08-08T01:32:53.217", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-10-27T20:00:01.647", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32327"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-242246-1"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31905"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1021103"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2916"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46074"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}