PT-2007-4946 · Sun · Sun Java System Access Manager
Published: 2007-07-11 · Updated: 2017-07-29 · CVE-2007-3700
CVSS v2.0: 1.7 (Low)
Vector: AV:L/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Sun Java System Access Manager versions before 20070710
Description
The issue allows local users to gain privileges by reading the debug log file. It occurs when the com.iplanet.services.debug.level property in AMConfig.properties is set to the message debug level, which causes login passwords to be written to the debug log in cleartext.
Recommendations
For Sun Java System Access Manager versions before 20070710, consider changing the com.iplanet.services.debug.level property in AMConfig.properties so that cleartext login passwords are no longer logged. As a temporary workaround, restrict access to the /var/opt/SUNWam/debug/amAuth log file to minimize the risk of exploitation.
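A host-side check for the two conditions named in the recommendations, added here as an example and not taken from Sun's advisory or tooling. The function names are hypothetical, and the path to AMConfig.properties is passed as an argument because the page does not state it.

```shell
#!/bin/sh
# Added example: audit a host for the two conditions described in this entry.
# Usage: sh audit.sh <path to AMConfig.properties> /var/opt/SUNWam/debug/amAuth

# Print the effective value of com.iplanet.services.debug.level.
# Commented-out lines are ignored; the last assignment wins, as in Java properties files.
debug_level() {
    tr -d '\r' < "$1" |
        sed -n 's/^[[:space:]]*com\.iplanet\.services\.debug\.level[[:space:]]*[=:][[:space:]]*//p' |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Succeed if the file has the group-read or other-read permission bit set.
log_exposed() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print 2>/dev/null)" ]
}

# audit <properties file> <debug log>; the return status is the number of findings (0-2).
audit() {
    findings=0
    # Compare case-insensitively as a conservative assumption about how the value is parsed.
    level=$(debug_level "$1" | tr 'A-Z' 'a-z')
    if [ "$level" = "message" ]; then
        echo "FINDING: debug level is 'message' in $1; login passwords may be logged in cleartext"
        findings=$((findings + 1))
    fi
    if [ -e "$2" ] && log_exposed "$2"; then
        echo "FINDING: $2 is readable by group or other; remove that access"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run the audit only when both paths are supplied on the command line.
if [ "$#" -eq 2 ]; then
    audit "$@" || exit $?
fi
```

A log written while the message level was active may already contain passwords, so the permission finding matters even after the level has been changed.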
Affected Products
Sun Java System Access Manager