Summary
The host is running Access Manager or OpenSSO and is prone to information disclosure vulnerability.
Impact
Successful exploitation could allow remote unprivileged user to gain the sensitive information.
Impact Level: System/Application
Solution
Apply the security updates.
http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-16-1
*****
NOTE: Ignore this warning if above mentioned patch is already applied.
*****
Insight
Error exists when 'AMConfig.properties' enables the debug flag, allows local users to discover cleartext passwords by reading debug files.
Affected
Sun OpenSSO Enterprise version 8.0
Java System Access Manager version 6.3 2005Q1 or 7.0 2005Q4 or 7.1
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2009-2712 -
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Novatel Wireless MiFi 2352 Password Information Disclosure Vulnerability
- phpMyFAQ 'index.php' Cross Site Scripting Vulnerability
- Serendipity 'serendipity_admin.php' Cross Site Scripting Vulnerability
- OneOrZero AIMS 'index.php' Cross Site Scripting Vulnerability
- phpMyAdmin 'db_create.php' Cross Site Scripting Vulnerability