Sun JS Access Manager And OpenSSO Information Disclosure Vulnerability Network Vulnerability

Summary

The host is running Access Manager or OpenSSO and is prone to information disclosure vulnerability.

Impact

Successful exploitation could allow remote unprivileged user to gain the sensitive information. Impact Level: System/Application

Solution

Apply the security updates. http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-16-1 ***** NOTE: Ignore this warning if above mentioned patch is already applied. *****

Insight

Error exists when 'AMConfig.properties' enables the debug flag, allows local users to discover cleartext passwords by reading debug files.

Affected

Sun OpenSSO Enterprise version 8.0 Java System Access Manager version 6.3 2005Q1 or 7.0 2005Q4 or 7.1

References

http://secunia.com/advisories/36169/
http://www.vupen.com/english/advisories/2009/2177

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-2712
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Interchange HTTP Response Splitting Vulnerability
Magento Server MAGMI Cross Site Scripting / Local File Inclusion
Apple Safari JavaScript Engine Cross Domain Information Disclosure Vulnerability
MoinMoin 'Despam' Action Cross-Site Scripting Vulnerability
OTRS 'AgentTicketZoom' HTML Injection Vulnerability

Sun JS Access Manager And OpenSSO Information Disclosure vulnerability

Take action and discover your vulnerabilities