SynopsisThe remote host is vulnerable to multiple attack vectors.
DescriptionThe remote host is running a version of Sun Java System Access Manager 7.1 earlier than Patch 2. Such versions are potentially affected by multiple issues :
- A vulnerability may allow unauthorized access to resources by revealing passwords to remote users who have privileges to access the administration console. (1-66-242166-1)
- A sub-realm administrator may be able to escalate their privileges and access the root realm as an administrator. (1-66-249106-1)
- A username-enumeration weakness could allow an attacker to determine valid user-names. (1-66-242026-1)
SolutionUpgrade to Sun Java System Access Manager 7.1 Patch 2. This may require different patches depending on your installation type.