Oracle Java System Access Manager CVE-2010-0894 Remote Vulnerability

Bugtraq ID:	39457
Class:	Unknown
CVE:	CVE-2010-0894
Remote:	Yes
Local:	No
Published:	Apr 13 2010 12:00AM
Updated:	Apr 13 2010 12:00AM
Credit:	Oracle
Vulnerable:	Sun OpenSSO Enterprise 8.0 Sun OpenSSO Enterprise 0 Sun Java System Access Manager 7.1 Windows Sun Java System Access Manager 7.1 Solaris x86 Sun Java System Access Manager 7.1 Solaris SPARC Sun Java System Access Manager 7.1 Linux Sun Java System Access Manager 7.1 HP-UX Sun Java System Access Manager 7.0 2005Q4 Windows Sun Java System Access Manager 7.0 2005Q4 Solaris x Sun Java System Access Manager 7.0 2005Q4 Solaris S Sun Java System Access Manager 7.0 2005Q4 Linux Sun Java System Access Manager 7.0 2005Q4 HP-UX
Not Vulnerable:

Oracle Java System Access Manager CVE-2010-0894 Remote Vulnerability

Oracle Java System Access Manager is prone to a remote vulnerability.

The vulnerability can be exploited over the 'HTTP' protocol. An attacker does not require privileges to exploit this vulnerability.

The following are vulnerable:

Java System Access Manager 7.1
Java System Access Manager 7.0 2005Q4
OpenSSO Enterprise

Oracle Java System Access Manager CVE-2010-0894 Remote Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Oracle Java System Access Manager CVE-2010-0894 Remote Vulnerability

Solution:
Vendor updates are available. Please contact the vendor for more information.


Sun Java System Access Manager 7.0 2005Q4 Windows

• Sun 124296-11
  for Windows
  http://sunsolve.sun.com/pdownload.do?target=124296-11&method=h

Sun Java System Access Manager 7.1 HP-UX

• Sun 140504-04
  http://sunsolve.sun.com/pdownload.do?target=140504-04&method=h

Sun Java System Access Manager 7.1 Solaris SPARC

• Sun 126356-04
  for Solaris on SPARC
  http://sunsolve.sun.com/pdownload.do?target=126356-04&method=h


• Sun 140504-04
  http://sunsolve.sun.com/pdownload.do?target=140504-04&method=h

Sun Java System Access Manager 7.0 2005Q4 Solaris S

• Sun 120954-11
  for Solaris on SPARC
  http://sunsolve.sun.com/pdownload.do?target=120954-11&method=h

Sun OpenSSO Enterprise 8.0

• Sun 141655-03
  http://sunsolve.sun.com/pdownload.do?target=141655-03&method=h

Sun Java System Access Manager 7.0 2005Q4 HP-UX

• Sun 126371-11
  for HP-UX
  http://sunsolve.sun.com/pdownload.do?target=126371-11&method=h

Sun Java System Access Manager 7.1 Linux

• Sun 126358-04
  for Linux
  http://sunsolve.sun.com/pdownload.do?target=126358-04&method=h


• Sun 140504-04
  http://sunsolve.sun.com/pdownload.do?target=140504-04&method=h

Sun Java System Access Manager 7.0 2005Q4 Solaris x

• Sun 120955-11
  for Solaris on x86
  http://sunsolve.sun.com/pdownload.do?target=120955-11&method=h

Sun Java System Access Manager 7.0 2005Q4 Linux

• Sun 120956-11
  for Linux
  http://sunsolve.sun.com/pdownload.do?target=120956-11&method=h

Sun Java System Access Manager 7.1 Windows

• Sun 126359-04
  for Windows
  http://sunsolve.sun.com/pdownload.do?target=126359-04&method=h


• Sun 140504-04
  http://sunsolve.sun.com/pdownload.do?target=140504-04&method=h

Sun Java System Access Manager 7.1 Solaris x86

• Sun 126357-04
  for Solaris on x86
  http://sunsolve.sun.com/pdownload.do?target=126357-04&method=h


• Sun 140504-04
  http://sunsolve.sun.com/pdownload.do?target=140504-04&method=h

Oracle Java System Access Manager CVE-2010-0894 Remote Vulnerability

References:

• #267568: This Alert Covers CVE-2010-0894 for the Sun Java System Access Manager (Oracle)
  
• Oracle Critical Patch Update April 2010 (Oracle)