Summary
Sun Cobalt machines contain a firewall mechanism, this mechanism can be configured remotely by accessing Cobalt's built-in HTTP server. Upon access to the HTTP server, a java based administration program would start, where a user is required to enter a pass phrase in order to authenticate himself. Since no username is required, just a passphrase bruteforcing of this interface is easier.
Solution
Access to this port (by default set to port 8181) should not be permitted from the outside. Further access to the firewall interface itself should not be allowed (by default set to port 2005).
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Windows)
- Apache Tomcat servlet/JSP container default files
- Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Windows)
- Asterisk SIP REGISTER Response Username Enumeration Vulnerability
- Adobe Reader Multiple Vulnerabilities - Aug07 (Mac OS X)