CVE-2009-3878 - OpenCVE

Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Intevydis	Vulndisco Pack
Sun	Java System Web Server

Configuration 1 [-]

AND

cpe:2.3:a:intevydis:vulndisco_pack:8.12:*:pro:*:*:*:*:*

cpe:2.3:a:sun:java_system_web_server:7.0:update_6:*:*:*:*:*:*

No data.

References

Link	Providers
http://intevydis.com/vd-list.shtml
http://secunia.com/advisories/37115
http://www.h-online.com/security/news/item/Alleged-critical-vulnerability-in-Sun-Java-System-Web-Server-839598.html
http://www.intevydis.com/blog/?p=79
http://www.osvdb.org/59497
http://www.vupen.com/english/advisories/2009/3024
https://exchange.xforce.ibmcloud.com/vulnerabilities/54065

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-11-05T16:00:00

Updated: 2024-08-07T06:45:50.668Z

Reserved: 2009-11-05T00:00:00

Link: CVE-2009-3878

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-11-05T16:30:00.577

Modified: 2017-08-17T01:31:19.180

Link: CVE-2009-3878

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-10-26T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.intevydis.com/blog/?p=79"}, {"name": "jsws-unspecified-bo(54065)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54065"}, {"name": "59497", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/59497"}, {"tags": ["x_refsource_MISC"], "url": "http://www.h-online.com/security/news/item/Alleged-critical-vulnerability-in-Sun-Java-System-Web-Server-839598.html"}, {"name": "ADV-2009-3024", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3024"}, {"name": "37115", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37115"}, {"tags": ["x_refsource_MISC"], "url": "http://intevydis.com/vd-list.shtml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3878", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.intevydis.com/blog/?p=79", "refsource": "MISC", "url": "http://www.intevydis.com/blog/?p=79"}, {"name": "jsws-unspecified-bo(54065)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54065"}, {"name": "59497", "refsource": "OSVDB", "url": "http://www.osvdb.org/59497"}, {"name": "http://www.h-online.com/security/news/item/Alleged-critical-vulnerability-in-Sun-Java-System-Web-Server-839598.html", "refsource": "MISC", "url": "http://www.h-online.com/security/news/item/Alleged-critical-vulnerability-in-Sun-Java-System-Web-Server-839598.html"}, {"name": "ADV-2009-3024", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3024"}, {"name": "37115", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37115"}, {"name": "http://intevydis.com/vd-list.shtml", "refsource": "MISC", "url": "http://intevydis.com/vd-list.shtml"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:45:50.668Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.intevydis.com/blog/?p=79"}, {"name": "jsws-unspecified-bo(54065)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54065"}, {"name": "59497", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/59497"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.h-online.com/security/news/item/Alleged-critical-vulnerability-in-Sun-Java-System-Web-Server-839598.html"}, {"name": "ADV-2009-3024", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3024"}, {"name": "37115", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37115"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://intevydis.com/vd-list.shtml"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3878", "datePublished": "2009-11-05T16:00:00", "dateReserved": "2009-11-05T00:00:00", "dateUpdated": "2024-08-07T06:45:50.668Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intevydis:vulndisco_pack:8.12:*:pro:*:*:*:*:*", "matchCriteriaId": "C3F52543-008F-4734-B729-932FC554A57B", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:update_6:*:*:*:*:*:*", "matchCriteriaId": "C4E1A63C-F6C0-475C-BC3A-AC223E766614", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en Sun Java System Web Server v7.0 Update 6 con impacto no especificado y vectores de ataque remoto, como se demuestra por el m\u00f3dulo vd_sjws en VulnDisco Pack Professional v8.12. NOTA: a la fecha 05/11/2009, no hay ninguna informaci\u00f3n para utilizar esta vulnerabilidad. Sin embargo debido a que el autor de VulnDisco es un investigador reputado, se ha asignado un identificador CVE con el fin de hacerle un seguimiento."}], "id": "CVE-2009-3878", "lastModified": "2017-08-17T01:31:19.180", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-11-05T16:30:00.577", "references": [{"source": "cve@mitre.org", "url": "http://intevydis.com/vd-list.shtml"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37115"}, {"source": "cve@mitre.org", "url": "http://www.h-online.com/security/news/item/Alleged-critical-vulnerability-in-Sun-Java-System-Web-Server-839598.html"}, {"source": "cve@mitre.org", "url": "http://www.intevydis.com/blog/?p=79"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/59497"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3024"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54065"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}