Summary
The host is running Java System Access Manager and is prone to an information disclosure vulnerability.
Impact
Successful exploitation could allow a remote unprivileged user to gain sensitive information.
Impact Level: Application
Solution
Apply the security updates.
http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1
*****
NOTE: Ignore this warning if the above-mentioned patch is already applied.
*****
Insight
An error in the CDCServlet component occurs when 'Cross Domain Single Sign On' (CDSSO) is enabled: the component does not ensure that 'policy advice' is presented to the correct client, which can be exploited via unspecified vectors.
Affected
Java System Access Manager versions 7.0 2005Q4 and 7.1
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2009-2713
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N