Sun Java System Web Server 7.0 Plugin for Sun N1SPS Remote Authentication Bypass Vulnerability

Bugtraq ID:	30451
Class:	Design Error
CVE:	CVE-2008-3425
Remote:	Yes
Local:	No
Published:	Jul 30 2008 12:00AM
Updated:	May 07 2015 05:25PM
Credit:	Sun
Vulnerable:	Sun N1 Service Provisioning System 6.0 Sun N1 Service Provisioning System 5.2 Sun Java System Web Server 7.0 Plugin 0 + Sun N1 Service Provisioning System 6.0 + Sun N1 Service Provisioning System 6.0 + Sun N1 Service Provisioning System 5.2 + Sun N1 Service Provisioning System 5.2
Not Vulnerable:

Sun Java System Web Server 7.0 Plugin for Sun N1SPS Remote Authentication Bypass Vulnerability

Sun Java System Web Server 7.0 plugin for Sun N1 Service Provisioning System (N1SPS) is prone to a remote authentication-bypass vulnerability.

Successfully exploiting this issue will allow attackers to gain unauthorized administrative access to the Sun Java System Web Server.

Sun N1 Service Provisioning System 5.2 and 6.0 with the Java System Web Server 7.0 plugin installed are vulnerable.

Sun Java System Web Server 7.0 Plugin for Sun N1SPS Remote Authentication Bypass Vulnerability

An attacker can exploit these issues via a browser.

Sun Java System Web Server 7.0 Plugin for Sun N1SPS Remote Authentication Bypass Vulnerability

Solution:
The vendor has released fixes and an advisory. Please see the references for details.

Sun Java System Web Server 7.0 Plugin for Sun N1SPS Remote Authentication Bypass Vulnerability

References:

• Sun Advisory 239566 - Security Vulnerability in Sun Java System Web Server 7.0 p (Sun)