Vulnerabilities > CVE-2008-5549 - Unspecified vulnerability in SUN Java System Portal Server 7.1/7.2
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
sun
nessus
Summary
Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to "access to secure files by ThemeServlet."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Nessus
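# Listing metadata shown on the page for this plugin (not part of the plugin source):
#   NASL family : Solaris Local Security Checks
#   NASL id     : SOLARIS10_X86_124302-16.NASL
#   description : Portal Server 7.1 Update 2 Solaris_x86:Maintenance Update Release. Date this patch was last updated by Sun : Feb/04/11
#   last seen   : 2020-06-01
#   modified    : 2020-06-02
#   plugin id   : 107904
#   published   : 2018-03-12
#   reporter    : This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
#   source      : https://www.tenable.com/plugins/nessus/107904
#   title       : Solaris 10 (x86) : 124302-16
#
# Plugin code follows.

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#
include("compat.inc");

# Description phase: register the plugin's metadata and exit before any
# host data is read.
if (description)
{
  script_id(107904);
  script_version("1.5");
  script_cvs_date("Date: 2019/10/25 13:36:27");

  # One patch check covers three CVEs; a finding does not say which of
  # them is reachable on the host.
  script_cve_id("CVE-2008-5549", "CVE-2008-6192", "CVE-2010-4431");

  script_name(english:"Solaris 10 (x86) : 124302-16");
  script_summary(english:"Check for patch 124302-16");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote host is missing Sun Security Patch number 124302-16"
  );
  script_set_attribute(
    attribute:"description",
    value:
"Portal Server 7.1 Update 2 Solaris_x86:Maintenance Update Release.
Date this patch was last updated by Sun : Feb/04/11"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://getupdates.oracle.com/readme/124302-16"
  );
  script_set_attribute(attribute:"solution", value:"Install patch 124302-16");

  # CVSS v2: network vector, low complexity, no authentication, partial
  # confidentiality impact only.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");

  # NOTE(review): CWE-79 and CWE-264 are attached to the patch as a whole;
  # with three CVEs bundled they presumably do not all describe
  # CVE-2008-5549 - confirm against the vendor advisories.
  script_cwe_id(79, 264);

  # "local" plus the required KB keys below: the verdict comes from the
  # host's own patch/package data, so the plugin does not run on a scan
  # without working local checks. No result is not the same as "patched".
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:124302");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/02/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");

# Gate 1: the host must have reported Solaris "showrev" output.
showrev = get_kb_item("Host/Solaris/showrev");
if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");

# Gate 2: the release must be exactly 5.10. The dot is escaped so only a
# literal "." separates the two version components.
os_ver = pregmatch(pattern:"Release: (\d+\.(\d+))", string:showrev);
if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
full_ver = os_ver[1];
os_level = os_ver[2];
if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);

# Gate 3: this plugin only applies to i386 package architecture.
package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
package_arch = package_arch[1];
if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch);

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Count of packages for which the patch check came back negative.
# Initialised explicitly instead of relying on the first "++" of an unset
# variable.
flag = 0;

# NOTE(review): solaris_check_patch() is defined in solaris.inc (not shown);
# here a result below zero is treated as "patch missing for this package".
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"124302-16", obsoleted_by:"", package:"SUNWportal-admin", version:"7.0,REV=2005.12.12.00.50") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"124302-16", obsoleted_by:"", package:"SUNWportal-base", version:"7.0,REV=2005.12.12.00.47") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"124302-16", obsoleted_by:"", package:"SUNWportal-portlets", version:"7.0,REV=2005.12.12.00.50") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"124302-16", obsoleted_by:"", package:"SUNWportal-search", version:"7.0,REV=2005.12.12.00.49") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"124302-16", obsoleted_by:"", package:"SUNWportal-sracommon", version:"7.0,REV=2005.12.12.00.50") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"124302-16", obsoleted_by:"", package:"SUNWportal-sracore", version:"7.0,REV=2005.12.12.00.50") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"124302-16", obsoleted_by:"", package:"SUNWportal-sragateway", version:"7.0,REV=2005.12.12.00.50") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"124302-16", obsoleted_by:"", package:"SUNWportal-sranetletproxy", version:"7.0,REV=2005.12.12.00.50") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"124302-16", obsoleted_by:"", package:"SUNWportal-srarewriterproxy", version:"7.0,REV=2005.12.12.00.50") < 0) flag++;

if (flag)
{
  # At least one package lacks the patch: report once at host level (port 0).
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : solaris_get_report()
  );
}
else
{
  # Nothing flagged: record the most specific reason, in this order -
  # patch installed, packages tested but not affected, packages absent.
  patch_fix = solaris_patch_fix_get();
  if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
  tested = solaris_pkg_tests_get();
  if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWportal-admin / SUNWportal-base / SUNWportal-portlets / etc");
}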
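# Listing metadata shown on the page for this plugin (not part of the plugin source):
#   NASL family : Solaris Local Security Checks
#   NASL id     : SOLARIS10_124301-16.NASL
#   description : Portal Server 7.1 Update 2 Solaris (sparc): Maintenance Update Rel. Date this patch was last updated by Sun : Jan/31/11
#   last seen   : 2020-06-01
#   modified    : 2020-06-02
#   plugin id   : 107401
#   published   : 2018-03-12
#   reporter    : This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
#   source      : https://www.tenable.com/plugins/nessus/107401
#   title       : Solaris 10 (sparc) : 124301-16
#
# Plugin code follows.

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#
include("compat.inc");

# Description phase: register the plugin's metadata and exit before any
# host data is read.
if (description)
{
  script_id(107401);
  script_version("1.5");
  script_cvs_date("Date: 2019/10/25 13:36:27");

  # One patch check covers three CVEs; a finding does not say which of
  # them is reachable on the host.
  script_cve_id("CVE-2008-5549", "CVE-2008-6192", "CVE-2010-4431");

  script_name(english:"Solaris 10 (sparc) : 124301-16");
  script_summary(english:"Check for patch 124301-16");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote host is missing Sun Security Patch number 124301-16"
  );
  script_set_attribute(
    attribute:"description",
    value:
"Portal Server 7.1 Update 2 Solaris (sparc): Maintenance Update Rel.
Date this patch was last updated by Sun : Jan/31/11"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://getupdates.oracle.com/readme/124301-16"
  );
  script_set_attribute(attribute:"solution", value:"Install patch 124301-16");

  # CVSS v2: network vector, low complexity, no authentication, partial
  # confidentiality impact only.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");

  # NOTE(review): CWE-79 and CWE-264 are attached to the patch as a whole;
  # with three CVEs bundled they presumably do not all describe
  # CVE-2008-5549 - confirm against the vendor advisories.
  script_cwe_id(79, 264);

  # "local" plus the required KB keys below: the verdict comes from the
  # host's own patch/package data, so the plugin does not run on a scan
  # without working local checks. No result is not the same as "patched".
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:124301");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/01/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");

# Gate 1: the host must have reported Solaris "showrev" output.
showrev = get_kb_item("Host/Solaris/showrev");
if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");

# Gate 2: the release must be exactly 5.10. The dot is escaped so only a
# literal "." separates the two version components.
os_ver = pregmatch(pattern:"Release: (\d+\.(\d+))", string:showrev);
if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
full_ver = os_ver[1];
os_level = os_ver[2];
if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);

# Gate 3: this plugin only applies to sparc package architecture.
package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
package_arch = package_arch[1];
if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch);

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Count of packages for which the patch check came back negative.
# Initialised explicitly instead of relying on the first "++" of an unset
# variable.
flag = 0;

# NOTE(review): solaris_check_patch() is defined in solaris.inc (not shown);
# here a result below zero is treated as "patch missing for this package".
# The page's reference list cites Sun document 1-21-124301-12-1 while this
# check requires revision -16 - presumably the later revision that also
# carries the other listed CVEs; confirm before accepting a lower revision.
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"124301-16", obsoleted_by:"", package:"SUNWportal-admin", version:"7.0,REV=2005.12.12.01.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"124301-16", obsoleted_by:"", package:"SUNWportal-base", version:"7.0,REV=2005.12.12.01.50") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"124301-16", obsoleted_by:"", package:"SUNWportal-portlets", version:"7.0,REV=2005.12.12.01.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"124301-16", obsoleted_by:"", package:"SUNWportal-search", version:"7.0,REV=2005.12.12.01.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"124301-16", obsoleted_by:"", package:"SUNWportal-sracommon", version:"7.0,REV=2005.12.12.01.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"124301-16", obsoleted_by:"", package:"SUNWportal-sracore", version:"7.0,REV=2005.12.12.01.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"124301-16", obsoleted_by:"", package:"SUNWportal-sragateway", version:"7.0,REV=2005.12.12.01.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"124301-16", obsoleted_by:"", package:"SUNWportal-sranetletproxy", version:"7.0,REV=2005.12.12.01.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"124301-16", obsoleted_by:"", package:"SUNWportal-srarewriterproxy", version:"7.0,REV=2005.12.12.01.53") < 0) flag++;

if (flag)
{
  # At least one package lacks the patch: report once at host level (port 0).
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : solaris_get_report()
  );
}
else
{
  # Nothing flagged: record the most specific reason, in this order -
  # patch installed, packages tested but not affected, packages absent.
  patch_fix = solaris_patch_fix_get();
  if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
  tested = solaris_pkg_tests_get();
  if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWportal-admin / SUNWportal-base / SUNWportal-portlets / etc");
}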
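# Listing metadata shown on the page for this plugin (not part of the plugin source):
#   NASL family : Solaris Local Security Checks
#   NASL id     : SOLARIS10_138686-07.NASL
#   description : Portal Server 7.2 Solaris (sparc): Maintenance Patch. Date this patch was last updated by Sun : Jan/27/11
#   last seen   : 2020-06-01
#   modified    : 2020-06-02
#   plugin id   : 107504
#   published   : 2018-03-12
#   reporter    : This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
#   source      : https://www.tenable.com/plugins/nessus/107504
#   title       : Solaris 10 (sparc) : 138686-07
#
# Plugin code follows.

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#
include("compat.inc");

# Description phase: register the plugin's metadata and exit before any
# host data is read.
if (description)
{
  script_id(107504);
  script_version("1.5");
  script_cvs_date("Date: 2019/10/25 13:36:27");

  # One patch check covers two CVEs; a finding does not say which of them
  # is reachable on the host.
  script_cve_id("CVE-2008-5549", "CVE-2009-4187");

  script_name(english:"Solaris 10 (sparc) : 138686-07");
  script_summary(english:"Check for patch 138686-07");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote host is missing Sun Security Patch number 138686-07"
  );
  script_set_attribute(
    attribute:"description",
    value:
"Portal Server 7.2 Solaris (sparc): Maintenance Patch. Date this patch was last updated by Sun : Jan/27/11"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://getupdates.oracle.com/readme/138686-07"
  );
  script_set_attribute(attribute:"solution", value:"Install patch 138686-07");

  # CVSS v2: network vector, low complexity, no authentication, partial
  # confidentiality impact only.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");

  # NOTE(review): CWE-79 and CWE-264 are attached to the patch as a whole;
  # with two CVEs bundled they presumably do not both describe
  # CVE-2008-5549 - confirm against the vendor advisories.
  script_cwe_id(79, 264);

  # "local" plus the required KB keys below: the verdict comes from the
  # host's own patch/package data, so the plugin does not run on a scan
  # without working local checks. No result is not the same as "patched".
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:138686");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/01/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  # The page listing wrapped this string across two lines; it is rejoined
  # here to match the "reporter" text shown for the same plugin.
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");

# Gate 1: the host must have reported Solaris "showrev" output.
showrev = get_kb_item("Host/Solaris/showrev");
if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");

# Gate 2: the release must be exactly 5.10. The dot is escaped so only a
# literal "." separates the two version components.
os_ver = pregmatch(pattern:"Release: (\d+\.(\d+))", string:showrev);
if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
full_ver = os_ver[1];
os_level = os_ver[2];
if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);

# Gate 3: this plugin only applies to sparc package architecture.
package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
package_arch = package_arch[1];
if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch);

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Count of packages for which the patch check came back negative.
# Initialised explicitly instead of relying on the first "++" of an unset
# variable.
flag = 0;

# NOTE(review): solaris_check_patch() is defined in solaris.inc (not shown);
# here a result below zero is treated as "patch missing for this package".
# The page's reference list cites Sun document 1-21-138686-01-1 while this
# check requires revision -07 - presumably the later revision that also
# carries the other listed CVE; confirm before accepting a lower revision.
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"138686-07", obsoleted_by:"", package:"SUNWportal-admin", version:"7.2,REV=2008.05.03.08.52") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"138686-07", obsoleted_by:"", package:"SUNWportal-base", version:"7.2,REV=2008.05.03.08.50") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"138686-07", obsoleted_by:"", package:"SUNWportal-portlets", version:"7.2,REV=2008.05.03.08.52") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"138686-07", obsoleted_by:"", package:"SUNWportal-search", version:"7.2,REV=2008.05.03.08.52") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"138686-07", obsoleted_by:"", package:"SUNWportal-sracommon", version:"7.2,REV=2008.05.03.08.52") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"138686-07", obsoleted_by:"", package:"SUNWportal-sracore", version:"7.2,REV=2008.05.03.08.52") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"138686-07", obsoleted_by:"", package:"SUNWportal-sragateway", version:"7.2,REV=2008.05.03.08.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"138686-07", obsoleted_by:"", package:"SUNWportal-sranetletproxy", version:"7.2,REV=2008.05.03.08.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"138686-07", obsoleted_by:"", package:"SUNWportal-srarewriterproxy", version:"7.2,REV=2008.05.03.08.53") < 0) flag++;

if (flag)
{
  # At least one package lacks the patch: report once at host level (port 0).
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : solaris_get_report()
  );
}
else
{
  # Nothing flagged: record the most specific reason, in this order -
  # patch installed, packages tested but not affected, packages absent.
  patch_fix = solaris_patch_fix_get();
  if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
  tested = solaris_pkg_tests_get();
  if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWportal-admin / SUNWportal-base / SUNWportal-portlets / etc");
}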
References
- http://secunia.com/advisories/33120
- http://secunia.com/advisories/33120
- http://securitytracker.com/id?1021380
- http://securitytracker.com/id?1021380
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-124301-12-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-124301-12-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-138686-01-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-138686-01-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-243886-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-243886-1
- http://www.securityfocus.com/bid/32770
- http://www.securityfocus.com/bid/32770
- http://www.vupen.com/english/advisories/2008/3408
- http://www.vupen.com/english/advisories/2008/3408
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47256
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47256