{"api_version":"1","generated_at":"2026-04-24T18:54:41+00:00","cve":"CVE-2009-1075","urls":{"html":"https://cve.report/CVE-2009-1075","api":"https://cve.report/api/cve/CVE-2009-1075.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-1075","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-1075"},"summary":{"title":"CVE-2009-1075","description":"Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the Forgot Password feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.","state":"PUBLISHED","assigner":"mitre","published_at":"2009-03-25 15:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-255","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"#253267: Sun Java System Identity Manager Security Vulnerabilities","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://www.securityfocus.com/bid/34191","name":"http://www.securityfocus.com/bid/34191","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"],"title":"Sun Java System Identity Manager Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://blogs.sun.com/security/entry/sun_alert_253267_sun_java","name":"http://blogs.sun.com/security/entry/sun_alert_253267_sun_java","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Security","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2009/0797","name":"http://www.vupen.com/english/advisories/2009/0797","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1021881","name":"http://securitytracker.com/id?1021881","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Sun Java System Identity Manager Bugs Let Local and Remote Users Gain Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/34380","name":"http://secunia.com/advisories/34380","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Sun Java System Identity Manager Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2009-1075","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-1075","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2009","cve_id":"1075","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"java_system_identity_manager","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1075","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"java_system_identity_manager","cpe6":"7.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1075","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"java_system_identity_manager","cpe6":"7.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1075","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"java_system_identity_manager","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T04:57:17.723Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1"},{"name":"253267","tags":["vendor-advisory","x_refsource_SUNALERT","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1"},{"name":"1021881","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1021881"},{"name":"34191","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/34191"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://blogs.sun.com/security/entry/sun_alert_253267_sun_java"},{"name":"ADV-2009-0797","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2009/0797"},{"name":"34380","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/34380"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the Forgot Password feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2009-03-25T15:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1"},{"name":"253267","tags":["vendor-advisory","x_refsource_SUNALERT"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1"},{"name":"1021881","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1021881"},{"name":"34191","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/34191"},{"tags":["x_refsource_CONFIRM"],"url":"http://blogs.sun.com/security/entry/sun_alert_253267_sun_java"},{"name":"ADV-2009-0797","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2009/0797"},{"name":"34380","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/34380"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2009-1075","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the Forgot Password feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1","refsource":"CONFIRM","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1"},{"name":"253267","refsource":"SUNALERT","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1"},{"name":"1021881","refsource":"SECTRACK","url":"http://securitytracker.com/id?1021881"},{"name":"34191","refsource":"BID","url":"http://www.securityfocus.com/bid/34191"},{"name":"http://blogs.sun.com/security/entry/sun_alert_253267_sun_java","refsource":"CONFIRM","url":"http://blogs.sun.com/security/entry/sun_alert_253267_sun_java"},{"name":"ADV-2009-0797","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2009/0797"},{"name":"34380","refsource":"SECUNIA","url":"http://secunia.com/advisories/34380"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2009-1075","datePublished":"2009-03-25T15:00:00.000Z","dateReserved":"2009-03-25T00:00:00.000Z","dateUpdated":"2024-09-17T03:28:35.745Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-03-25 15:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-255","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*","matchCriteriaId":"0980492E-B7DB-4B9F-A400-FDC47DB89A95"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*","matchCriteriaId":"3A5C87C0-3734-4568-97A6-6AB8979AABE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_identity_manager:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"E1E3B2F0-90E6-4868-915F-87131711EEE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_identity_manager:8.0:*:*:*:*:*:*:*","matchCriteriaId":"90BC0B23-0CEE-489B-B89A-8776272EC8D2"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2009","CveId":"1075","Ordinal":"1","Title":"CVE-2009-1075","CVE":"CVE-2009-1075","Year":"2009"},"notes":[{"CveYear":"2009","CveId":"1075","Ordinal":"1","NoteData":"Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the Forgot Password feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.","Type":"Description","Title":"CVE-2009-1075"},{"CveYear":"2009","CveId":"1075","Ordinal":"2","NoteData":"2009-03-25","Type":"Other","Title":"Published"}]}}}