New Search

Management Console Directory Traversal Vulnerability

oval:org.mitre.oval:def:1482

The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inacessible which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) attack.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Sun Solaris 8
  • Sun Solaris 9
Class:
vulnerability
Reference(s):
  • CVE-2004-1354
Product(s):
  • Solaris Management Console (SMC)