Vulnerability Description
Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Java System Access Manager | All versions |
References
- http://osvdb.org/37249
- http://secunia.com/advisories/26030
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101918-1Patch
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200386-1
- http://www.securityfocus.com/bid/24859
- http://www.securitytracker.com/id?1018370
- http://www.vupen.com/english/advisories/2007/2496
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35339
- http://osvdb.org/37249
- http://secunia.com/advisories/26030
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101918-1Patch
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200386-1
- http://www.securityfocus.com/bid/24859
- http://www.securitytracker.com/id?1018370
- http://www.vupen.com/english/advisories/2007/2496
FAQ
What is CVE-2007-3700?
CVE-2007-3700 is a vulnerability with a CVSS score of 1.7 (LOW). Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.propertie...
How severe is CVE-2007-3700?
CVE-2007-3700 has been rated LOW with a CVSS base score of 1.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3700?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Java System Access Manager.