CVE-2009-2713

3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.4%

top 38.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Java System Access Manager SUN Java System WEB Server

Timeline

PublishedAug 7

Latest updateMay 2

Description

The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDsun/java_system_access_manager4 versions+3

▶NVDsun/java_system_web_server7.0

Patches

Patch: sunsolve.sun.com ↗Patch: www.securityfocus.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-rfx5-q6vf-4479: The CDCServlet component in Sun Java System Access Manager 7↗2022-05-02

▶

CVEList

CVE-2009-2713: The CDCServlet component in Sun Java System Access Manager 7↗2009-08-07

▶