Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2009-2713
HistoryAug 07, 2009 - 7:00 p.m.

CVE-2009-2713

2009-08-0719:00:01
[email protected]
web.nvd.nist.gov
37
cdcservlet
sun java system access manager
cross domain single sign on
cdsso
cve-2009-2713
security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.7%

JSON

The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that “policy advice” is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.

Affected configurations

NVD
Node
sunjava_system_access_managerMatch6.3_2005q1solaris_10_sparc
OR
sunjava_system_access_managerMatch6.3_2005q1solaris_8_sparc
OR
sunjava_system_access_managerMatch6.3_2005q1solaris_9_sparc
OR
sunjava_system_access_managerMatch7.1solaris_10_sparc
OR
sunjava_system_access_managerMatch7.1solaris_8_sparc
OR
sunjava_system_access_managerMatch7.1solaris_9_sparc
OR
sunjava_system_access_managerMatch7_2005q4solaris_10_sparc
OR
sunjava_system_access_managerMatch7_2005q4solaris_8_sparc
OR
sunjava_system_access_managerMatch7_2005q4solaris_9_sparc
Node
sunjava_system_access_managerMatch6.3_2005q1solaris_10_x86
OR
sunjava_system_access_managerMatch6.3_2005q1solaris_8_x86
OR
sunjava_system_access_managerMatch6.3_2005q1solaris_9_x86
OR
sunjava_system_access_managerMatch7.1solaris_10_x86
OR
sunjava_system_access_managerMatch7.1solaris_8_x86
OR
sunjava_system_access_managerMatch7.1solaris_9_x86
OR
sunjava_system_access_managerMatch7_2005q4solaris_10_x86
OR
sunjava_system_access_managerMatch7_2005q4solaris_8_x86
OR
sunjava_system_access_managerMatch7_2005q4solaris_9_x86
Node
sunjava_system_access_managerMatch6.3_2005q1solaris_10_linux
OR
sunjava_system_access_managerMatch6.3_2005q1solaris_8_linux
OR
sunjava_system_access_managerMatch6.3_2005q1solaris_9_linux
OR
sunjava_system_access_managerMatch7.1solaris_10_linux
OR
sunjava_system_access_managerMatch7.1solaris_8_linux
OR
sunjava_system_access_managerMatch7.1solaris_9_linux
OR
sunjava_system_access_managerMatch7_2005q4solaris_10_linux
OR
sunjava_system_access_managerMatch7_2005q4solaris_8_linux
OR
sunjava_system_access_managerMatch7_2005q4solaris_9_linux
Node
sunjava_system_access_managerMatch7.0_2005q4windows
OR
sunjava_system_access_managerMatch7.1windows
Node
sunjava_system_web_serverMatch7.0hp_ux
Node
sunjava_system_access_managerMatch7.1war

Related

nvd 1
prion 1
cvelist 1
openvas 2
nessus 16
nvd
nvd
CVE-2009-2713
2009-08-07 19:00:01
prion
prion
Cross site scripting
2009-08-07 19:00:00
cvelist
cvelist
CVE-2009-2713
2009-08-07 18:33:00
openvas
openvas
Sun Java System Access Manager Information Disclosure vulnerability
2009-08-26 00:00:00
Sun Java System Access Manager Information Disclosure vulnerability
2009-08-26 00:00:00
nessus
nessus
Solaris 5.8 (sparc) : 126356-03
2008-01-18 00:00:00
Solaris 5.10 (sparc) : 126356-03
2008-01-18 00:00:00
Solaris 5.9 (sparc) : 126356-03
2008-01-18 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.7%

JSON
Related for CVE-2009-2713
nvd1prion1cvelist1openvas2nessus16