Web application abuses : Sun Java System Access Manager Information Disclosure vulnerability

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.900195

Category: Web application abuses

Title: Sun Java System Access Manager Information Disclosure vulnerability

Summary: Java System Access Manager is prone to an information disclosure vulnerability.

Description: Summary:
Java System Access Manager is prone to an information disclosure vulnerability.

Vulnerability Insight:
Error in CDCServlet component is caused when 'Cross Domain Single Sign On'
(CDSSO) is enabled which does not ensure that 'policy advice' is presented
to the correct client, which can be exploited via unspecified vectors.

Vulnerability Impact:
Successful exploitation could allow remote unprivileged user to gain the
sensitive information.

Affected Software/OS:
Java System Access Manager version 7.0 2005Q4 and 7.1

Solution:
Apply the security updates from the referenced advisories.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-2713
BugTraq ID: 35961
http://www.securityfocus.com/bid/35961
http://secunia.com/advisories/36167
http://sunsolve.sun.com/search/document.do?assetkey=1-66-255968-1
http://www.vupen.com/english/advisories/2009/2176

Copyright Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.900195
Category:	Web application abuses
Title:	Sun Java System Access Manager Information Disclosure vulnerability
Summary:	Java System Access Manager is prone to an information disclosure vulnerability.
Description:	Summary: Java System Access Manager is prone to an information disclosure vulnerability. Vulnerability Insight: Error in CDCServlet component is caused when 'Cross Domain Single Sign On' (CDSSO) is enabled which does not ensure that 'policy advice' is presented to the correct client, which can be exploited via unspecified vectors. Vulnerability Impact: Successful exploitation could allow remote unprivileged user to gain the sensitive information. Affected Software/OS: Java System Access Manager version 7.0 2005Q4 and 7.1 Solution: Apply the security updates from the referenced advisories. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2713 BugTraq ID: 35961 http://www.securityfocus.com/bid/35961 http://secunia.com/advisories/36167 http://sunsolve.sun.com/search/document.do?assetkey=1-66-255968-1 http://www.vupen.com/english/advisories/2009/2176
Copyright	Copyright (C) 2009 Greenbone AG