fkie_nvd - fkie_cve-2008-4541

fkie_cve-2008-4541

Vulnerability from fkie_nvd

Published

2008-10-13 20:00

Modified

2025-04-09 00:30

Severity ?

Summary

Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.

References

URL	Tags
cve@mitre.org	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=747
cve@mitre.org	http://secunia.com/advisories/32227	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1021038
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-26-242986-1
cve@mitre.org	http://www.securityfocus.com/bid/31691
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2781	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/45782
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=747
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32227	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1021038
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-242986-1
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/31691
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2781	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/45782

Impacted products

Vendor	Product	Version
sun	java_system_web_proxy_server	4.0
sun	java_system_web_proxy_server	4.0
sun	java_system_web_proxy_server	4.0.1
sun	java_system_web_proxy_server	4.0.1
sun	java_system_web_proxy_server	4.0.1
sun	java_system_web_proxy_server	4.0.1
sun	java_system_web_proxy_server	4.0.1
sun	java_system_web_proxy_server	4.0.1
sun	java_system_web_proxy_server	4.0.1
sun	java_system_web_proxy_server	4.0.2
sun	java_system_web_proxy_server	4.0.2
sun	java_system_web_proxy_server	4.0.2
sun	java_system_web_proxy_server	4.0.2
sun	java_system_web_proxy_server	4.0.2
sun	java_system_web_proxy_server	4.0.2
sun	java_system_web_proxy_server	4.0.2
sun	java_system_web_proxy_server	4.0.3
sun	java_system_web_proxy_server	4.0.3
sun	java_system_web_proxy_server	4.0.3
sun	java_system_web_proxy_server	4.0.3
sun	java_system_web_proxy_server	4.0.3
sun	java_system_web_proxy_server	4.0.3
sun	java_system_web_proxy_server	4.0.3
sun	java_system_web_proxy_server	4.0.4
sun	java_system_web_proxy_server	4.0.4
sun	java_system_web_proxy_server	4.0.4
sun	java_system_web_proxy_server	4.0.4
sun	java_system_web_proxy_server	4.0.4
sun	java_system_web_proxy_server	4.0.4
sun	java_system_web_proxy_server	4.0.4
sun	java_system_web_proxy_server	4.0.5
sun	java_system_web_proxy_server	4.0.5
sun	java_system_web_proxy_server	4.0.5
sun	java_system_web_proxy_server	4.0.5
sun	java_system_web_proxy_server	4.0.5
sun	java_system_web_proxy_server	4.0.5
sun	java_system_web_proxy_server	4.0.5
sun	java_system_web_proxy_server	4.0.6
sun	java_system_web_proxy_server	4.0.6
sun	java_system_web_proxy_server	4.0.6
sun	java_system_web_proxy_server	4.0.6
sun	java_system_web_proxy_server	4.0.6
sun	java_system_web_proxy_server	4.0.7
sun	java_system_web_proxy_server	4.0.7
sun	java_system_web_proxy_server	4.0.7
sun	java_system_web_proxy_server	4.0.7
sun	java_system_web_proxy_server	4.0.7
sun	java_system_web_proxy_server	4.0.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB8D89B7-2C74-4CDC-8708-D9FACC4DE7C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "927171C0-E754-4FC1-AA9F-6565ADE2B63D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EECC7DD-79F8-4189-91C7-2E8F5AB6A50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A14869F3-76A8-4407-85C8-3D9764721EF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "18658A61-81D2-4FDD-8DB2-8222CCCF85C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "C0B02862-58BD-4D29-A2D1-3A7925FA8DDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.1:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "BE09D9A5-4A81-4771-9D1F-E74845537486",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.1:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "B4B978A8-4D6D-4E1F-94FF-3ED6ECB584C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.1:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "D03FFC6C-1CDB-49ED-B693-DC53D87118C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FA1C4E0-1EB0-4CDE-90D5-1A600BCBA93F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.2:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "399B9003-1841-4F68-ABD9-EFAF8FDAFADC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.2:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "CE035EA8-4F06-4C14-9E27-8F1533D1433B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.2:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "9D93A98A-39F3-44C7-9150-90C3892508C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.2:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "D2B7A60C-89B5-4851-BE12-4196A6A4D616",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.2:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "29307BC1-6FC6-4F82-9031-E7317B2AFE64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.2:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "1BAD5224-978C-4317-8FA2-FF56FF022E68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC07AB3E-09D4-47B2-B065-8E5A73775982",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.3:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "69CE3DFF-8BFD-45BF-BA2A-DB176BF17C38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.3:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4DB543F2-7DC6-4EED-92D3-EBC12E70AC0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.3:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "559B8C70-F680-4578-9E68-258D91B41E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.3:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "C7C836B7-564C-4EAD-A9EF-FB41C0533238",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.3:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C06DE-0800-4A43-BEC1-B38811660DC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.3:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "511AEA73-AECF-4ECF-9690-03BF516875E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "97EB8961-9F4D-498D-B2C7-421175F8FE72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.4:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "CF2CB27C-5F5A-4057-9B47-61365F0658C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.4:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "766DA0FE-CAA8-4946-A4AE-4E464D0D0D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.4:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "67DBCAEE-BC63-4C92-8A91-839F475FBB45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.4:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "13903015-75DD-4F12-9E9A-F12844CEA251",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.4:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "C48458F0-E844-4654-B450-77E2BF97B047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.4:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "6CA00153-D1EF-44BE-9288-00D2358DA55F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9B4BC20-945E-4F5E-A850-AE9BC30119F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.5:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "BDE95076-C3FF-41E0-A5A0-B70E779EAF77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.5:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4435E1C4-BAD3-4902-A5F0-3C024CE78766",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.5:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "982A6037-F163-4F48-9CF9-D07D37824565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.5:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "5FB0CAFB-AA1A-408D-9436-CFDAB6985FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.5:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "848A771F-CB1D-49BC-A1D7-48C31AA91590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.5:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "B976BD9A-CC17-40DD-A167-FB549460AA17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.6:*:hp_ux:*:*:*:*:*",
              "matchCriteriaId": "84FAC4BC-5A3F-41E6-B881-1ABB00C8167D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.6:*:linux:*:*:*:*:*",
              "matchCriteriaId": "61285CF6-F5BD-4C19-B288-1EF1A9AAFBA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.6:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "ED09307B-02D6-4861-8FF6-5EEC4CE257FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.6:*:windows:*:*:*:*:*",
              "matchCriteriaId": "48DEE6A3-3EED-408A-BC93-85BAB1EA336C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.6:*:x86:*:*:*:*:*",
              "matchCriteriaId": "1C1A1FDC-6DF3-45CF-A4B7-3847429C6C8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F4F13A0-8097-4A06-9989-F33918FE8ADB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.7:*:hp_ux:*:*:*:*:*",
              "matchCriteriaId": "1693ED80-2CE6-4536-A0EA-E7D0C24FDF10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.7:*:linux:*:*:*:*:*",
              "matchCriteriaId": "FDB620CE-A4C0-4A49-8022-DA5FA40FFF3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.7:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "4BCF42A1-BAB1-40C8-959F-0AC16B542577",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.7:*:windows:*:*:*:*:*",
              "matchCriteriaId": "82BBA16B-3F2F-49D3-99FC-4F3A45F1B68E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.7:*:x86:*:*:*:*:*",
              "matchCriteriaId": "A0C6FF56-864E-408C-AFDE-68D6DC7C6880",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en el subsistema FTP en Sun Java System Web Proxy Server versiones 4.0 hasta 4.0.7, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una petici\u00f3n GET de HTTP  dise\u00f1ada."
    }
  ],
  "id": "CVE-2008-4541",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-10-13T20:00:02.307",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=747"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32227"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1021038"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-242986-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/31691"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2781"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=747"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32227"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1021038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-242986-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31691"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2781"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45782"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2008-4541 (GCVE-0-2008-4541)

Vulnerability from cvelistv5

Published

2008-10-13 18:00