This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sun
First view 2007-01-31
Product Java System Access Manager
Last view 2009-07-01
Version 7.0
Type Application
Update *  
Edition *  
Language *  
Software Edition *
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:sun:java_system_access_manager

Activity : Overall

Related : CVE

Score Date Alert Description
2.6 2009-07-01 CVE-2009-2268

Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

7.5 2008-06-30 CVE-2008-2945

Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.

4.3 2007-01-31 CVE-2007-0628

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third party information.

CWE : Common Weakness Enumeration

% id Name
50% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
50% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
55451 Sun Java System Access Manager Cross-Domain Controller (CDC) Unspecified XSS
46579 Sun Java System Access Manager XSLT Stylesheet Processing Arbitrary Code Exec...
33010 Sun Java System Access Manager Multiple XSS

Nessus® Vulnerability Scanner

id Description
2009-04-23 Name: The remote host is missing Sun Security Patch number 120954-12
File: solaris10_120954.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote host is missing Sun Security Patch number 120955-12
File: solaris10_x86_120955.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote host is missing Sun Security Patch number 120954-12
File: solaris8_120954.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote host is missing Sun Security Patch number 120954-12
File: solaris9_120954.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote host is missing Sun Security Patch number 120955-12
File: solaris9_x86_120955.nasl - Type: ACT_GATHER_INFO
2008-02-05 Name: The remote host is missing Sun Security Patch number 117586-22
File: solaris8_117586.nasl - Type: ACT_GATHER_INFO
2008-02-05 Name: The remote host is missing Sun Security Patch number 117586-22
File: solaris9_117586.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119465-17
File: solaris10_119465.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119465-17
File: solaris10_x86_119465.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 115766-15
File: solaris8_115766.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119465-17
File: solaris8_119465.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119465-17
File: solaris8_x86_119465.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 115766-15
File: solaris9_115766.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119465-17
File: solaris9_119465.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119465-17
File: solaris9_x86_119465.nasl - Type: ACT_GATHER_INFO