Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1074

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2009-1074
Last Modified 06 Oct 2009 12:00:00
Published 25 Mar 2009 11:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-1074

Summary

Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to "ssl termination devices" and lack of support for relative URLs.

Vulnerable Systems

Application

  • Sun Java System Identity Manager 7.0

  • Sun Java System Identity Manager 7.1

  • Sun Java System Identity Manager 7.1.1

  • Sun Java System Identity Manager 8.0


References

BID - 34191

SUNALERT - 253267

CONFIRM - http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1

CONFIRM - http://blogs.sun.com/security/entry/sun_alert_253267_sun_java

VUPEN - ADV-2009-0797

SECTRACK - 1021881

SECUNIA - 34380


Last Updated: 27 May 2016 10:50:27