Summary
Sun Cobalt machines contain a firewall mechanism, this mechanism can be configured remotely by accessing Cobalt's built-in HTTP server. Upon access to the HTTP server, a java based administration program would start, where a user is required to enter a pass phrase in order to authenticate himself. Since no username is required, just a passphrase bruteforcing of this interface is easier.
Solution
Access to this port (by default set to port 8181) should not be permitted from the outside. Further access to the firewall interface itself should not be allowed (by default set to port 2005).
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apple iTunes Tutorials Window Security Bypass Vulnerability (Windows)
- Apple Safari Multiple Memory Corruption Vulnerabilities-02 Apr14 (Mac OS X)
- Adobe Reader Multiple Vulnerabilities - Aug07 (Mac OS X)
- Adobe Reader Information Disclosure Vulnerability Jun05 (Mac OS X)
- Brother HL-5370DW Printer 'post/panel.html' Security Bypass Vulnerability