Executive Summary
Summary | |
---|---|
Title | Sun Alert 268228 Vulnerability in Sun Ray Server Software due to Logout Failure |
Informations | |||
---|---|---|---|
Name | SUN-268228 | First vendor Publication | 2009-12-10 |
Vendor | Sun | Last vendor Modification | 2009-12-10 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.4 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Sun Ray Server Software 4.1 When a local user logs out of a Sun Ray desktop session, the session may log the user back in again. The user may be unaware that the session has logged in again and is unlocked, which may allow another user to access to the desktop session. The issue does not occur when one locks the screen or when the smartcard used to access a session is removed from the Sun Ray DTU. State: Resolved First released: 10-Dec-2009 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_268228_vulnerability_in |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
60975 | Sun Ray Server Software Desktop Session Handling Automatic Re-login Weakness |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-01-07 | Name : The remote host is missing Sun Security Patch number 139548-07 File : solaris10_139548.nasl - Type : ACT_GATHER_INFO |