Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2713

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2009-2713
Last Modified 15 Aug 2009 01:23:22
Published 07 Aug 2009 03:00:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-2713

Summary

The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.

Vulnerable Systems

Application

  • Sun Java System Access Manager 6.3 2005q1

  • Sun Java System Access Manager 7 2005q4

  • Sun Java System Access Manager 7.0 2005q4

  • Sun Java System Access Manager 7.1

  • Sun Java System Web Server 7.0


References

BID - 35961

CONFIRM - http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1

VUPEN - ADV-2009-2176

SUNALERT - 255968

SECUNIA - 36167


Last Updated: 27 May 2016 10:51:00