This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Sun
Product: Java System Access Manager
Version: 7.1
Update: *
Edition: solaris_9_sparc
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Application
First view: 2009-01-29
Last view: 2009-08-07
 
CPE Product cpe:2.3:a:sun:java_system_access_manager

Activity : Overall

Related : CVE

  Date Alert Description
4.3 2009-08-07 CVE-2009-2713

The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.

2.1 2009-08-07 CVE-2009-2712

Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files.

2.6 2009-07-01 CVE-2009-2268

Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

5 2009-01-29 CVE-2009-0348

The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

CWE : Common Weakness Enumeration

% id Name
33% (1) CWE-264 Permissions, Privileges, and Access Controls
33% (1) CWE-200 Information Exposure
33% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Open Source Vulnerability Database (OSVDB)

id Description
56816 Sun Java System Access Manager CDCServlet Component CDSSO Unspecified Informa...
56815 Sun Java System Access Manager AMConfig.properties com.iplanet.services.debug...
55451 Sun Java System Access Manager Cross-Domain Controller (CDC) Unspecified XSS
51666 Sun Java System Access Manager Login Module User Account Enumeration Weakness

OpenVAS Exploits

id Description
2009-08-26 Name : Sun Java System Access Manager Information Disclosure vulnerability
File : nvt/secpod_sjs_access_manager_info_disc_vuln.nasl
2009-08-26 Name : Sun JS Access Manager And OpenSSO Information Disclosure vulnerability
File : nvt/secpod_sjs_am_n_opensso_info_disc_vuln.nasl

Nessus® Vulnerability Scanner

id Description
2009-04-23 Name: The remote host is missing Sun Security Patch number 120954-12
File: solaris10_120954.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote host is missing Sun Security Patch number 120955-12
File: solaris10_x86_120955.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote host is missing Sun Security Patch number 120954-12
File: solaris8_120954.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote host is missing Sun Security Patch number 120954-12
File: solaris9_120954.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote host is missing Sun Security Patch number 120955-12
File: solaris9_x86_120955.nasl - Type: ACT_GATHER_INFO
2009-02-09 Name: The remote web server contains a module that leaks information.
File: amserver_user_enumeration.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119465-17
File: solaris10_119465.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119465-17
File: solaris10_x86_119465.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119465-17
File: solaris8_119465.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119465-17
File: solaris8_x86_119465.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119465-17
File: solaris9_119465.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119465-17
File: solaris9_x86_119465.nasl - Type: ACT_GATHER_INFO