Vulnerability Details : CVE-2004-1350
Multiple buffer overflows in Sun Java System Web Proxy Server (formerly Sun ONE Proxy Server) 3.6 through 3.6 SP4 allow remote attackers to execute arbitrary code via unknown vectors, possibly CONNECT requests.
Vulnerability category: Execute code
Products affected by CVE-2004-1350
- cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp3:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp4:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp1:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp2:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_proxy_server:3.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-1350
25.41%: Probability of exploitation activity in the next 30 days
~96%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-1350
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
References for CVE-2004-1350
- http://www.kb.cert.org/vuls/id/964401
  VU#964401 - Sun Java System Web Proxy Server vulnerable to buffer overflow (US Government Resource)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17920
- http://www.pentest.co.uk/documents/ptl-2004-06.html
- http://www.securityfocus.com/bid/11566
  Patch; Vendor Advisory
- http://www.ciac.org/ciac/bulletins/p-027.shtml
- http://securitytracker.com/id?1012005
  Patch; Vendor Advisory
- http://www.auscert.org.au/render.html?it=4516
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57606-1&searchclause=security
- http://www.osvdb.org/displayvuln.php?osvdb_id=11304
  Patch; Vendor Advisory
- http://secunia.com/advisories/13036/
  Patch; Vendor Advisory