CVE-2009-2712

LOW
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files.

References

http://osvdb.org/56815

http://secunia.com/advisories/36169

http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-16-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-256668-1

http://www.securityfocus.com/bid/35963

http://www.vupen.com/english/advisories/2009/2177

Details

Source: MITRE

Published: 2009-08-07

Updated: 2009-08-15

Type: CWE-264

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_sparc:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_x86:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_linux:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_linux:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_linux:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_linux:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_linux:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_linux:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_linux:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_linux:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_linux:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:windows:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:windows:*:*:*:*:*

Configuration 5

OR

cpe:2.3:a:sun:java_system_web_server:7.0:*:hp_ux:*:*:*:*:*

Configuration 6

OR

cpe:2.3:a:sun:java_system_access_manager:7.1:*:war:*:*:*:*:*

cpe:2.3:a:sun:opensso_enterprise:8.0:*:*:*:*:*:*:*

Tenable Plugins

View all (25 total)

IDNameProductFamilySeverity
107950Solaris 10 (x86) : 126357-06NessusSolaris Local Security Checks
critical
107871Solaris 10 (x86) : 120955-12NessusSolaris Local Security Checks
critical
107821Solaris 10 (x86) : 119465-17NessusSolaris Local Security Checks
medium
107450Solaris 10 (sparc) : 126356-06NessusSolaris Local Security Checks
critical
107369Solaris 10 (sparc) : 120954-12NessusSolaris Local Security Checks
critical
107318Solaris 10 (sparc) : 119465-17NessusSolaris Local Security Checks
medium
44085Solaris 5.9 (x86) : 126356-03NessusSolaris Local Security Checks
critical
5133Sun Java System Access Manager 7.1 < Patch 3 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
medium
38126Solaris 10 (x86) : 120955-12 (deprecated)NessusSolaris Local Security Checks
critical
38005Solaris 9 (x86) : 120955-12NessusSolaris Local Security Checks
critical
37533Solaris 9 (sparc) : 120954-12NessusSolaris Local Security Checks
critical
37271Solaris 8 (sparc) : 120954-12NessusSolaris Local Security Checks
critical
36756Solaris 10 (sparc) : 120954-12 (deprecated)NessusSolaris Local Security Checks
critical
30014Solaris 5.9 (x86) : 126357-03NessusSolaris Local Security Checks
critical
30013Solaris 5.9 (sparc) : 126356-03NessusSolaris Local Security Checks
critical
30012Solaris 5.8 (x86) : 126357-03NessusSolaris Local Security Checks
critical
30011Solaris 5.8 (sparc) : 126356-03NessusSolaris Local Security Checks
critical
30010Solaris 5.10 (x86) : 126357-03NessusSolaris Local Security Checks
critical
30007Solaris 5.10 (sparc) : 126356-03NessusSolaris Local Security Checks
critical
23611Solaris 9 (x86) : 119465-17NessusSolaris Local Security Checks
medium
23553Solaris 9 (sparc) : 119465-17NessusSolaris Local Security Checks
medium
23466Solaris 8 (x86) : 119465-17NessusSolaris Local Security Checks
medium
23415Solaris 8 (sparc) : 119465-17NessusSolaris Local Security Checks
medium
22989Solaris 10 (x86) : 119465-17 (deprecated)NessusSolaris Local Security Checks
medium
22956Solaris 10 (sparc) : 119465-17 (deprecated)NessusSolaris Local Security Checks
medium