Sun Java System Access Manager Multiple Vulnerabilities

Bugtraq ID:	25842
Class:	Configuration Error
CVE:	CVE-2007-5153 CVE-2007-5152
Remote:	Yes
Local:	No
Published:	Sep 27 2007 12:00AM
Updated:	Jul 05 2016 09:38PM
Credit:	The vendor reported these issues.
Vulnerable:	Sun Java System Access Manager 7.1 Windows Sun Java System Access Manager 7.1 Solaris x86 Sun Java System Access Manager 7.1 Solaris SPARC Sun Java System Access Manager 7.1 Linux Sun Java System Access Manager 7.1 HP-UX
Not Vulnerable:

Sun Java System Access Manager Multiple Vulnerabilities

Sun Java System Access Manager is prone to multiple remote vulnerabilities that result from configuration errors.

Exploiting these issues can allow remote attackers to gain unauthorized access to the application or execute arbitrary code in the context of the application.

Sun Java System Access Manager 7.1 is affected by these issues.

Sun Java System Access Manager Multiple Vulnerabilities

The first issue may be carried out with common client applications.

Currently we are not aware of any exploits for the code-execution issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Sun Java System Access Manager Multiple Vulnerabilities

Solution:
The vendor released patches to address these issues. Please see the references for more information.


Sun Java System Access Manager 7.1 Linux

• Sun 126358-01
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -126358-01-1

Sun Java System Access Manager 7.1 Solaris SPARC

• Sun 126356-01
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -126356-01-1

Sun Java System Access Manager 7.1 Solaris x86

• Sun 126357-01
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -126357-01-1

Sun Java System Access Manager 7.1 Windows

• Sun 126359-01
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -126359-01-1

Sun Java System Access Manager Multiple Vulnerabilities

References:

• Java System Access Manager Homepage (Sun)
  
• Solution 200839 : Installation of Sun Java System Access Manager 7.1 on Sun Java (Sun)
  
• Sun Alert ID: 103069 (Sun)