Vulnerabilities > CVE-2010-4431 - Local Security vulnerability in SUN Java System Portal Server 7.1/7.2

047910
CVSS score 1.0 - LOW
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
local
high complexity
sun
nessus

Summary

Unspecified vulnerability in Oracle Sun Java System Portal Server 7.1 and 7.2 allows local users to affect confidentiality via unknown vectors related to Proxy.

Vulnerable Configurations

Part Description Count
Application
Sun
2

Nessus

  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_X86_124302-16.NASL
    description: Portal Server 7.1 Update 2 Solaris_x86:Maintenance Update Release. Date this patch was last updated by Sun : Feb/04/11
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107904
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107904
    title: Solaris 10 (x86) : 124302-16
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    # Description mode: register the plugin's metadata, then exit before any
    # host check runs.
    if (description)
    {
      script_id(107904);
      script_version("1.5");
      script_cvs_date("Date: 2019/10/25 13:36:27");
    
      # One patch ID is mapped to three CVEs, so a finding from this plugin does
      # not say which of them is relevant to the host.
      script_cve_id("CVE-2008-5549", "CVE-2008-6192", "CVE-2010-4431");
    
      script_name(english:"Solaris 10 (x86) : 124302-16");
      script_summary(english:"Check for patch 124302-16");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 124302-16"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Portal Server 7.1 Update 2 Solaris_x86:Maintenance Update Release.
    Date this patch was last updated by Sun : Feb/04/11"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/124302-16"
      );
      script_set_attribute(attribute:"solution", value:"Install patch 124302-16");
      # A single CVSS2 vector for the whole plugin: network access, low
      # complexity, no authentication, partial confidentiality impact.
      # NOTE(review): this page's CVE-2010-4431 summary lists local / high
      # complexity / single authentication, so this vector presumably reflects
      # another CVE in the list above - confirm before using the plugin score to
      # rank CVE-2010-4431.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      # CWE-79 (cross-site scripting) and CWE-264 (permissions, privileges and
      # access controls).
      script_cwe_id(79, 264);
    
      # Declared as a local (credentialed) check rather than a remote probe.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:124302");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
    
      # The patch dates from 2011; the plugin itself was published in 2018.
      script_set_attribute(attribute:"patch_publication_date", value:"2011/02/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Solaris Local Security Checks");
    
      # Requires the KB entries for enabled local checks and for showrev output;
      # ssh_get_info.nasl is declared as the dependency.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      # Nothing below this point runs in description mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
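    # Patch-level check for Solaris 10 (x86) patch 124302-16.
    #
    # The block works only from KB data (the cached showrev output) and from
    # solaris_check_patch(); no call here probes Portal Server directly. A hit
    # therefore means "patch not recorded for an installed package", not
    # "vulnerability confirmed".

    # Count of packages reported as missing the patch. Set explicitly so the
    # final decision does not depend on how an unset variable evaluates.
    flag = 0;

    showrev = get_kb_item("Host/Solaris/showrev");
    if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");

    # The dot is escaped so that only a literal "major.minor" release string
    # matches; group 1 is the full release, group 2 the minor level.
    os_ver = pregmatch(pattern:"Release: (\d+\.(\d+))", string:showrev);
    if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
    full_ver = os_ver[1];
    os_level = os_ver[2];
    if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);

    # This plugin covers the i386 patch only; other architectures are audited out.
    package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
    if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
    package_arch = package_arch[1];
    if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch);
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    # One call per Portal Server package. A negative return is counted as
    # "patch missing for this package"; what zero and positive returns mean is
    # defined in solaris.inc, which is not shown here.
    # NOTE(review): obsoleted_by is empty in every call, so no superseding patch
    # ID is supplied - confirm how solaris_check_patch treats a host that
    # received the fix through a successor patch.
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"124302-16", obsoleted_by:"", package:"SUNWportal-admin", version:"7.0,REV=2005.12.12.00.50") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"124302-16", obsoleted_by:"", package:"SUNWportal-base", version:"7.0,REV=2005.12.12.00.47") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"124302-16", obsoleted_by:"", package:"SUNWportal-portlets", version:"7.0,REV=2005.12.12.00.50") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"124302-16", obsoleted_by:"", package:"SUNWportal-search", version:"7.0,REV=2005.12.12.00.49") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"124302-16", obsoleted_by:"", package:"SUNWportal-sracommon", version:"7.0,REV=2005.12.12.00.50") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"124302-16", obsoleted_by:"", package:"SUNWportal-sracore", version:"7.0,REV=2005.12.12.00.50") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"124302-16", obsoleted_by:"", package:"SUNWportal-sragateway", version:"7.0,REV=2005.12.12.00.50") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"124302-16", obsoleted_by:"", package:"SUNWportal-sranetletproxy", version:"7.0,REV=2005.12.12.00.50") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"124302-16", obsoleted_by:"", package:"SUNWportal-srarewriterproxy", version:"7.0,REV=2005.12.12.00.50") < 0) flag++;

    if (flag) {
      # At least one package lacks the patch: report once, host-wide (port 0),
      # with the details collected by the solaris.inc helpers.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : solaris_get_report()
      );
    } else {
      # Nothing flagged: record why, from most to least specific - patch
      # present, packages tested but not affected, or no package installed.
      patch_fix = solaris_patch_fix_get();
      if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
      tested = solaris_pkg_tests_get();
      if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWportal-admin / SUNWportal-base / SUNWportal-portlets / etc");
    }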
    
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_124301-16.NASL
    description: Portal Server 7.1 Update 2 Solaris (sparc): Maintenance Update Rel. Date this patch was last updated by Sun : Jan/31/11
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107401
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107401
    title: Solaris 10 (sparc) : 124301-16
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    # Description mode: register the plugin's metadata, then exit before any
    # host check runs.
    if (description)
    {
      script_id(107401);
      script_version("1.5");
      script_cvs_date("Date: 2019/10/25 13:36:27");
    
      # One patch ID is mapped to three CVEs, so a finding from this plugin does
      # not say which of them is relevant to the host.
      script_cve_id("CVE-2008-5549", "CVE-2008-6192", "CVE-2010-4431");
    
      script_name(english:"Solaris 10 (sparc) : 124301-16");
      script_summary(english:"Check for patch 124301-16");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 124301-16"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Portal Server 7.1 Update 2 Solaris (sparc): Maintenance Update Rel.
    Date this patch was last updated by Sun : Jan/31/11"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/124301-16"
      );
      script_set_attribute(attribute:"solution", value:"Install patch 124301-16");
      # A single CVSS2 vector for the whole plugin: network access, low
      # complexity, no authentication, partial confidentiality impact.
      # NOTE(review): this page's CVE-2010-4431 summary lists local / high
      # complexity / single authentication, so this vector presumably reflects
      # another CVE in the list above - confirm before using the plugin score to
      # rank CVE-2010-4431.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      # CWE-79 (cross-site scripting) and CWE-264 (permissions, privileges and
      # access controls).
      script_cwe_id(79, 264);
    
      # Declared as a local (credentialed) check rather than a remote probe.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:124301");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
    
      # The patch dates from 2011; the plugin itself was published in 2018.
      script_set_attribute(attribute:"patch_publication_date", value:"2011/01/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Solaris Local Security Checks");
    
      # Requires the KB entries for enabled local checks and for showrev output;
      # ssh_get_info.nasl is declared as the dependency.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      # Nothing below this point runs in description mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
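    # Patch-level check for Solaris 10 (sparc) patch 124301-16.
    #
    # The block works only from KB data (the cached showrev output) and from
    # solaris_check_patch(); no call here probes Portal Server directly. A hit
    # therefore means "patch not recorded for an installed package", not
    # "vulnerability confirmed".

    # Count of packages reported as missing the patch. Set explicitly so the
    # final decision does not depend on how an unset variable evaluates.
    flag = 0;

    showrev = get_kb_item("Host/Solaris/showrev");
    if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");

    # The dot is escaped so that only a literal "major.minor" release string
    # matches; group 1 is the full release, group 2 the minor level.
    os_ver = pregmatch(pattern:"Release: (\d+\.(\d+))", string:showrev);
    if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
    full_ver = os_ver[1];
    os_level = os_ver[2];
    if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);

    # This plugin covers the sparc patch only; other architectures are audited out.
    package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
    if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
    package_arch = package_arch[1];
    if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch);
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    # One call per Portal Server package. A negative return is counted as
    # "patch missing for this package"; what zero and positive returns mean is
    # defined in solaris.inc, which is not shown here.
    # NOTE(review): obsoleted_by is empty in every call, so no superseding patch
    # ID is supplied - confirm how solaris_check_patch treats a host that
    # received the fix through a successor patch.
    if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"124301-16", obsoleted_by:"", package:"SUNWportal-admin", version:"7.0,REV=2005.12.12.01.53") < 0) flag++;
    if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"124301-16", obsoleted_by:"", package:"SUNWportal-base", version:"7.0,REV=2005.12.12.01.50") < 0) flag++;
    if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"124301-16", obsoleted_by:"", package:"SUNWportal-portlets", version:"7.0,REV=2005.12.12.01.53") < 0) flag++;
    if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"124301-16", obsoleted_by:"", package:"SUNWportal-search", version:"7.0,REV=2005.12.12.01.53") < 0) flag++;
    if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"124301-16", obsoleted_by:"", package:"SUNWportal-sracommon", version:"7.0,REV=2005.12.12.01.53") < 0) flag++;
    if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"124301-16", obsoleted_by:"", package:"SUNWportal-sracore", version:"7.0,REV=2005.12.12.01.53") < 0) flag++;
    if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"124301-16", obsoleted_by:"", package:"SUNWportal-sragateway", version:"7.0,REV=2005.12.12.01.53") < 0) flag++;
    if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"124301-16", obsoleted_by:"", package:"SUNWportal-sranetletproxy", version:"7.0,REV=2005.12.12.01.53") < 0) flag++;
    if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"124301-16", obsoleted_by:"", package:"SUNWportal-srarewriterproxy", version:"7.0,REV=2005.12.12.01.53") < 0) flag++;

    if (flag) {
      # At least one package lacks the patch: report once, host-wide (port 0),
      # with the details collected by the solaris.inc helpers.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : solaris_get_report()
      );
    } else {
      # Nothing flagged: record why, from most to least specific - patch
      # present, packages tested but not affected, or no package installed.
      patch_fix = solaris_patch_fix_get();
      if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
      tested = solaris_pkg_tests_get();
      if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWportal-admin / SUNWportal-base / SUNWportal-portlets / etc");
    }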