4.3

CVE-2009-2713

EPSS 0.42%
Published 07.08.2009 19:00:01
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.

Affected products Warnungen 0 Metrics 2 CWE 0 References 8

Data is provided by the National Vulnerability Database (NVD)

Sun ≫ Java System Access Manager Version6.3_2005q1 Editionsolaris_10_sparc

Sun ≫ Java System Access Manager Version6.3_2005q1 Editionsolaris_8_sparc

Sun ≫ Java System Access Manager Version6.3_2005q1 Editionsolaris_9_sparc

Sun ≫ Java System Access Manager Version7.1 Editionsolaris_10_sparc

Sun ≫ Java System Access Manager Version7.1 Editionsolaris_8_sparc

Sun ≫ Java System Access Manager Version7.1 Editionsolaris_9_sparc

Sun ≫ Java System Access Manager Version7_2005q4 Editionsolaris_10_sparc

Sun ≫ Java System Access Manager Version7_2005q4 Editionsolaris_8_sparc

Sun ≫ Java System Access Manager Version7_2005q4 Editionsolaris_9_sparc

Sun ≫ Java System Access Manager Version6.3_2005q1 Editionsolaris_10_x86

Sun ≫ Java System Access Manager Version6.3_2005q1 Editionsolaris_8_x86

Sun ≫ Java System Access Manager Version6.3_2005q1 Editionsolaris_9_x86

Sun ≫ Java System Access Manager Version7.1 Editionsolaris_10_x86

Sun ≫ Java System Access Manager Version7.1 Editionsolaris_8_x86

Sun ≫ Java System Access Manager Version7.1 Editionsolaris_9_x86

Sun ≫ Java System Access Manager Version7_2005q4 Editionsolaris_10_x86

Sun ≫ Java System Access Manager Version7_2005q4 Editionsolaris_8_x86

Sun ≫ Java System Access Manager Version7_2005q4 Editionsolaris_9_x86

Sun ≫ Java System Access Manager Version6.3_2005q1 Editionsolaris_10_linux

Sun ≫ Java System Access Manager Version6.3_2005q1 Editionsolaris_8_linux

Sun ≫ Java System Access Manager Version6.3_2005q1 Editionsolaris_9_linux

Sun ≫ Java System Access Manager Version7.1 Editionsolaris_10_linux

Sun ≫ Java System Access Manager Version7.1 Editionsolaris_8_linux

Sun ≫ Java System Access Manager Version7.1 Editionsolaris_9_linux

Sun ≫ Java System Access Manager Version7_2005q4 Editionsolaris_10_linux

Sun ≫ Java System Access Manager Version7_2005q4 Editionsolaris_8_linux

Sun ≫ Java System Access Manager Version7_2005q4 Editionsolaris_9_linux

Sun ≫ Java System Access Manager Version7.0_2005q4 Editionwindows

Sun ≫ Java System Access Manager Version7.1 Editionwindows

Sun ≫ Java System Web Server Version7.0 Editionhp_ux

Sun ≫ Java System Access Manager Version7.1 Editionwar

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.42%	0.588

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1

Patch

http://secunia.com/advisories/36167

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-66-255968-1

Vendor Advisory

http://www.securityfocus.com/bid/35961

Patch

http://www.vupen.com/english/advisories/2009/2176

https://nvd.nist.gov/vuln/detail/CVE-2009-2713

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2713

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2713

EUVD