CVE-2007-3700

Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth.

Published: Jul 12, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-3700
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 1.7
AV:L/AC:L/Au:S/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
sun / java_system_access_manager	-	-

http://osvdb.org/37249
http://secunia.com/advisories/26030
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101918-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200386-1
http://www.securityfocus.com/bid/24859
http://www.securitytracker.com/id?1018370
http://www.vupen.com/english/advisories/2007/2496
https://exchange.xforce.ibmcloud.com/vulnerabilities/35339

Vulnerability Database

289,697

CVE-2007-3700