
Sun Java System Access Manager 7.1 < Patch 2 Multiple Vulnerabilities

Medium

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running a version of Sun Java System Access Manager 7.1 earlier than Patch 2. Such versions are potentially affected by multiple issues:

- A vulnerability may allow unauthorized access to resources by revealing passwords to remote users who have privileges to access the administration console. (1-66-242166-1)

- A sub-realm administrator may be able to escalate their privileges and access the root realm as an administrator. (1-66-249106-1)

- A username-enumeration weakness could allow an attacker to determine valid usernames. (1-66-242026-1)

Solution

Upgrade to Sun Java System Access Manager 7.1 Patch 2. This may require different patches depending on your installation type.