This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sun First view 2009-01-29
Product Java System Access Manager Last view 2009-08-07
Version 7_2005q4 Type Application
Update *  
Edition solaris_9_linux  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:sun:java_system_access_manager

Activity : Overall

Related : CVE

  Date Alert Description
4.3 2009-08-07 CVE-2009-2713

The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.

2.1 2009-08-07 CVE-2009-2712

Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files.

5 2009-01-29 CVE-2009-0348

The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-264 Permissions, Privileges, and Access Controls
50% (1) CWE-200 Information Exposure

Open Source Vulnerability Database (OSVDB)

id Description
56816 Sun Java System Access Manager CDCServlet Component CDSSO Unspecified Informa...
56815 Sun Java System Access Manager AMConfig.properties com.iplanet.services.debug...
51666 Sun Java System Access Manager Login Module User Account Enumeration Weakness

OpenVAS Exploits

id Description
2009-08-26 Name : Sun Java System Access Manager Information Disclosure vulnerability
File : nvt/secpod_sjs_access_manager_info_disc_vuln.nasl
2009-08-26 Name : Sun JS Access Manager And OpenSSO Information Disclosure vulnerability
File : nvt/secpod_sjs_am_n_opensso_info_disc_vuln.nasl

Nessus® Vulnerability Scanner

id Description
2009-04-23 Name: The remote host is missing Sun Security Patch number 120954-12
File: solaris10_120954.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote host is missing Sun Security Patch number 120955-12
File: solaris10_x86_120955.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote host is missing Sun Security Patch number 120954-12
File: solaris8_120954.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote host is missing Sun Security Patch number 120954-12
File: solaris9_120954.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote host is missing Sun Security Patch number 120955-12
File: solaris9_x86_120955.nasl - Type: ACT_GATHER_INFO
2009-02-09 Name: The remote web server contains a module that leaks information.
File: amserver_user_enumeration.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119465-17
File: solaris10_119465.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119465-17
File: solaris10_x86_119465.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119465-17
File: solaris8_119465.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119465-17
File: solaris8_x86_119465.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119465-17
File: solaris9_119465.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119465-17
File: solaris9_x86_119465.nasl - Type: ACT_GATHER_INFO