CVE-2009-1357

Published: Apr 23, 2009Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELP_PAGE parameter.

Affected (9)

Products: Sun: Java System Delegated Administrator

1 product

Java System Delegated Administrator

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Sun Java System Delegated Administrator	Version 6.2
Sun Java System Delegated Administrator	Version 6.3
Sun Java System Delegated Administrator	Version 6.4

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Sun Java System Delegated Administrator	Version 6.2
Sun Java System Delegated Administrator	Version 6.3
Sun Java System Delegated Administrator	Version 6.4

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Sun Java System Delegated Administrator	Version 6.2
Sun Java System Delegated Administrator	Version 6.3
Sun Java System Delegated Administrator	Version 6.4

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (22)

http://osvdb.org/53920

Source: cve@mitre.org

http://secunia.com/advisories/34760

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1022108

Source: cve@mitre.org

Patch

http://sunsolve.sun.com/search/document.do?assetkey=1-21-121581-20-1

Source: cve@mitre.org

Patch

http://sunsolve.sun.com/search/document.do?assetkey=1-66-255928-1

Source: cve@mitre.org

PatchVendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020305.1-1

Source: cve@mitre.org

http://www.coresecurity.com/content/sun-delegated-administrator

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/502863/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/34643

Source: cve@mitre.org

Exploit

http://www.vupen.com/english/advisories/2009/1122

Source: cve@mitre.org

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/50004

Source: cve@mitre.org

http://osvdb.org/53920

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/34760

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1022108

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://sunsolve.sun.com/search/document.do?assetkey=1-21-121581-20-1

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://sunsolve.sun.com/search/document.do?assetkey=1-66-255928-1

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020305.1-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.coresecurity.com/content/sun-delegated-administrator

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/502863/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/34643

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.vupen.com/english/advisories/2009/1122

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/50004

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.