Description
cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack.
References (7)
Core 7
Core References
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102779-1
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23900
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0316
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1017547
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/22192
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/31700
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/31671
Scores
EPSS
0.0007
EPSS Percentile
20.4%
Details
Status
published
Products (2)
sun/ray_server_software
2.0
sun/ray_server_software
3.0
Published
Jan 25, 2007
Tracked Since
Feb 18, 2026