Authorization Bypass in Sun Java System Access Manager 7.1
CVE-2007-5152

Currently unrated

Key Information:

Vendor
Oracle
Status
Java System Access Manager
Java System Application Server
Vendor
CVE Published:
1 October 2007

Summary

Sun Java System Access Manager 7.1, when deployed within Sun Java System Application Server 9.1, fails to require authentication post-container restart. This oversight allows remote attackers to gain unauthorized access and perform administrative tasks without proper credentials, potentially leading to severe security implications.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-26-...
vendor-advisoryx_refsource_SUNALERT
http://www.vupen.com/english/advisories/2007/3282
vdb-entryx_refsource_VUPEN
http://sunsolve.sun.com/search/document.do?assetkey=1-66-...
vendor-advisoryx_refsource_SUNALERT

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.