CVE-2009-2713
Summary
| CVE | CVE-2009-2713 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-08-07 19:00:00 UTC |
| Updated | 2009-08-15 05:23:00 UTC |
| Description | The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sun | Java System Access Manager | 6.3_2005q1 | All | solaris_10_linux | All |
| Application | Sun | Java System Access Manager | 6.3_2005q1 | All | solaris_10_sparc | All |
| Application | Sun | Java System Access Manager | 6.3_2005q1 | All | solaris_10_x86 | All |
| Application | Sun | Java System Access Manager | 6.3_2005q1 | All | solaris_8_linux | All |
| Application | Sun | Java System Access Manager | 6.3_2005q1 | All | solaris_8_sparc | All |
| Application | Sun | Java System Access Manager | 6.3_2005q1 | All | solaris_8_x86 | All |
| Application | Sun | Java System Access Manager | 6.3_2005q1 | All | solaris_9_linux | All |
| Application | Sun | Java System Access Manager | 6.3_2005q1 | All | solaris_9_sparc | All |
| Application | Sun | Java System Access Manager | 6.3_2005q1 | All | solaris_9_x86 | All |
| Application | Sun | Java System Access Manager | 7.0_2005q4 | All | windows | All |
| Application | Sun | Java System Access Manager | 7.1 | All | solaris_10_linux | All |
| Application | Sun | Java System Access Manager | 7.1 | All | solaris_10_sparc | All |
| Application | Sun | Java System Access Manager | 7.1 | All | solaris_10_x86 | All |
| Application | Sun | Java System Access Manager | 7.1 | All | solaris_8_linux | All |
| Application | Sun | Java System Access Manager | 7.1 | All | solaris_8_sparc | All |
| Application | Sun | Java System Access Manager | 7.1 | All | solaris_8_x86 | All |
| Application | Sun | Java System Access Manager | 7.1 | All | solaris_9_linux | All |
| Application | Sun | Java System Access Manager | 7.1 | All | solaris_9_sparc | All |
| Application | Sun | Java System Access Manager | 7.1 | All | solaris_9_x86 | All |
| Application | Sun | Java System Access Manager | 7.1 | All | war | All |
| Application | Sun | Java System Access Manager | 7.1 | All | windows | All |
| Application | Sun | Java System Access Manager | 7_2005q4 | All | solaris_10_linux | All |
| Application | Sun | Java System Access Manager | 7_2005q4 | All | solaris_10_sparc | All |
| Application | Sun | Java System Access Manager | 7_2005q4 | All | solaris_10_x86 | All |
| Application | Sun | Java System Access Manager | 7_2005q4 | All | solaris_8_linux | All |
| Application | Sun | Java System Access Manager | 7_2005q4 | All | solaris_8_sparc | All |
| Application | Sun | Java System Access Manager | 7_2005q4 | All | solaris_8_x86 | All |
| Application | Sun | Java System Access Manager | 7_2005q4 | All | solaris_9_linux | All |
| Application | Sun | Java System Access Manager | 7_2005q4 | All | solaris_9_sparc | All |
| Application | Sun | Java System Access Manager | 7_2005q4 | All | solaris_9_x86 | All |
| Application | Sun | Java System Access Manager | 6.3_2005q1 | All | solaris_10_linux | All |
| Application | Sun | Java System Access Manager | 6.3_2005q1 | All | solaris_10_sparc | All |
| Application | Sun | Java System Access Manager | 6.3_2005q1 | All | solaris_10_x86 | All |
| Application | Sun | Java System Access Manager | 6.3_2005q1 | All | solaris_8_linux | All |
| Application | Sun | Java System Access Manager | 6.3_2005q1 | All | solaris_8_sparc | All |
| Application | Sun | Java System Access Manager | 6.3_2005q1 | All | solaris_8_x86 | All |
| Application | Sun | Java System Access Manager | 6.3_2005q1 | All | solaris_9_linux | All |
| Application | Sun | Java System Access Manager | 6.3_2005q1 | All | solaris_9_sparc | All |
| Application | Sun | Java System Access Manager | 6.3_2005q1 | All | solaris_9_x86 | All |
| Application | Sun | Java System Access Manager | 7.0_2005q4 | All | windows | All |
| Application | Sun | Java System Access Manager | 7.1 | All | solaris_10_linux | All |
| Application | Sun | Java System Access Manager | 7.1 | All | solaris_10_sparc | All |
| Application | Sun | Java System Access Manager | 7.1 | All | solaris_10_x86 | All |
| Application | Sun | Java System Access Manager | 7.1 | All | solaris_8_linux | All |
| Application | Sun | Java System Access Manager | 7.1 | All | solaris_8_sparc | All |
| Application | Sun | Java System Access Manager | 7.1 | All | solaris_8_x86 | All |
| Application | Sun | Java System Access Manager | 7.1 | All | solaris_9_linux | All |
| Application | Sun | Java System Access Manager | 7.1 | All | solaris_9_sparc | All |
| Application | Sun | Java System Access Manager | 7.1 | All | solaris_9_x86 | All |
| Application | Sun | Java System Access Manager | 7.1 | All | war | All |
| Application | Sun | Java System Access Manager | 7.1 | All | windows | All |
| Application | Sun | Java System Access Manager | 7_2005q4 | All | solaris_10_linux | All |
| Application | Sun | Java System Access Manager | 7_2005q4 | All | solaris_10_sparc | All |
| Application | Sun | Java System Access Manager | 7_2005q4 | All | solaris_10_x86 | All |
| Application | Sun | Java System Access Manager | 7_2005q4 | All | solaris_8_linux | All |
| Application | Sun | Java System Access Manager | 7_2005q4 | All | solaris_8_sparc | All |
| Application | Sun | Java System Access Manager | 7_2005q4 | All | solaris_8_x86 | All |
| Application | Sun | Java System Access Manager | 7_2005q4 | All | solaris_9_linux | All |
| Application | Sun | Java System Access Manager | 7_2005q4 | All | solaris_9_sparc | All |
| Application | Sun | Java System Access Manager | 7_2005q4 | All | solaris_9_x86 | All |
| Application | Sun | Java System Web Server | 7.0 | All | hp_ux | All |
| Application | Sun | Java System Web Server | 7.0 | All | hp_ux | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| sunsolve.sun.com/search/document.do | CONFIRM | sunsolve.sun.com | Patch |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| Sun Java System Access Manager CDCServlet Component Information Disclosure - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Sun Java System Access Manager CDCServlet Component Information Disclosure Vulnerability | BID | www.securityfocus.com | Patch |
| 255968 | SUNALERT | sunsolve.sun.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.