CVE-2009-2713

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.

References

http://secunia.com/advisories/36167

http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-255968-1

http://www.securityfocus.com/bid/35961

http://www.vupen.com/english/advisories/2009/2176

Details

Source: MITRE

Published: 2009-08-07

Updated: 2009-08-15

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_sparc:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_x86:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_linux:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_linux:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_linux:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_linux:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_linux:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_linux:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_linux:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_linux:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_linux:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:windows:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:windows:*:*:*:*:*

Configuration 5

OR

cpe:2.3:a:sun:java_system_web_server:7.0:*:hp_ux:*:*:*:*:*

Configuration 6

OR

cpe:2.3:a:sun:java_system_access_manager:7.1:*:war:*:*:*:*:*

Tenable Plugins

View all (17 total)

IDNameProductFamilySeverity
107950Solaris 10 (x86) : 126357-06NessusSolaris Local Security Checks
critical
107871Solaris 10 (x86) : 120955-12NessusSolaris Local Security Checks
critical
107450Solaris 10 (sparc) : 126356-06NessusSolaris Local Security Checks
critical
107369Solaris 10 (sparc) : 120954-12NessusSolaris Local Security Checks
critical
44085Solaris 5.9 (x86) : 126356-03NessusSolaris Local Security Checks
critical
5133Sun Java System Access Manager 7.1 < Patch 3 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
medium
38126Solaris 10 (x86) : 120955-12 (deprecated)NessusSolaris Local Security Checks
critical
38005Solaris 9 (x86) : 120955-12NessusSolaris Local Security Checks
critical
37533Solaris 9 (sparc) : 120954-12NessusSolaris Local Security Checks
critical
37271Solaris 8 (sparc) : 120954-12NessusSolaris Local Security Checks
critical
36756Solaris 10 (sparc) : 120954-12 (deprecated)NessusSolaris Local Security Checks
critical
30014Solaris 5.9 (x86) : 126357-03NessusSolaris Local Security Checks
critical
30013Solaris 5.9 (sparc) : 126356-03NessusSolaris Local Security Checks
critical
30012Solaris 5.8 (x86) : 126357-03NessusSolaris Local Security Checks
critical
30011Solaris 5.8 (sparc) : 126356-03NessusSolaris Local Security Checks
critical
30010Solaris 5.10 (x86) : 126357-03NessusSolaris Local Security Checks
critical
30007Solaris 5.10 (sparc) : 126356-03NessusSolaris Local Security Checks
critical