← Back

CVE-2009-2713

nvd nist
Published: Aug 7, 2009Modified: Apr 23, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:P/I:N/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.

Affected (31)

Sun
2 products
Java System Access Manager
Java System Web Server
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Sun
Java System Access Manager
Version 6.3_2005q1
Java System Access Manager
Version 6.3_2005q1
Java System Access Manager
Version 6.3_2005q1
Java System Access Manager
Version 7.1
Java System Access Manager
Version 7.1
Java System Access Manager
Version 7.1
Java System Access Manager
Version 7_2005q4
Java System Access Manager
Version 7_2005q4
Java System Access Manager
Version 7_2005q4
Configuration B
9 vulnerable
Vulnerable SoftwareAffected Versions
Sun
Java System Access Manager
Version 6.3_2005q1
Java System Access Manager
Version 6.3_2005q1
Java System Access Manager
Version 6.3_2005q1
Java System Access Manager
Version 7.1
Java System Access Manager
Version 7.1
Java System Access Manager
Version 7.1
Java System Access Manager
Version 7_2005q4
Java System Access Manager
Version 7_2005q4
Java System Access Manager
Version 7_2005q4
Configuration C
9 vulnerable
Vulnerable SoftwareAffected Versions
Sun
Java System Access Manager
Version 6.3_2005q1
Java System Access Manager
Version 6.3_2005q1
Java System Access Manager
Version 6.3_2005q1
Java System Access Manager
Version 7.1
Java System Access Manager
Version 7.1
Java System Access Manager
Version 7.1
Java System Access Manager
Version 7_2005q4
Java System Access Manager
Version 7_2005q4
Java System Access Manager
Version 7_2005q4
Configuration D
2 vulnerable
Vulnerable SoftwareAffected Versions
Sun
Java System Access Manager
Version 7.0_2005q4
Java System Access Manager
Version 7.1
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
Java System Web Server
Version 7.0
Configuration F
1 vulnerable
Vulnerable SoftwareAffected Versions
Java System Access Manager
Version 7.1

References (10)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.