Vulnerability Note VU#881254
Sun Java System Portal Server fails to properly handle changes to display options
There is a vulnerability in the Sun Java System Portal Server, which could allow a remote, authenticated user to gain access to the administrative credentials of the Calendar server.
The Sun Java System Portal Server is a content management system that provides centralized login capabilities and administration. The Calendar Server is an optional product that can be used by the portal server to provide users the ability to collaboratively manage schedules and share resources. A vulnerability exists in the way changes to the display options are handled by the Sun Java System Portal Server. By changing the display options to a non-default view, a user could gain access to the administrative credentials on the Calendar Server.
According to the Sun Security Alert, this vulnerability only occurs if the following two conditions are true:
A remote, authenticated user could gain access to the administrative credentials of the Calendar server.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Sun Microsystems Inc.||Affected||-||23 Jul 2004|
CVSS Metrics (Learn More)
This vulnerability was reported by Sun Microsystems.
This document was written by Damon Morda.
- CVE IDs: Unknown
- Date Public: 21 Jul 2004
- Date First Published: 23 Jul 2004
- Date Last Updated: 23 Jul 2004
- Severity Metric: 1.31
- Document Revision: 15
If you have feedback, comments, or additional information about this vulnerability, please send us email.