CVE-2009-0348

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Access Manager
Vendor: CVE Published:; 29 January 2009

Summary

The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/48283

vdb-entryx_refsource_XF

http://sunsolve.sun.com/search/document.do?assetkey=1-66-...

vendor-advisoryx_refsource_SUNALERT

http://sunsolve.sun.com/search/document.do?assetkey=1-21-...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jan 29, 2009
Vulnerability Reserved
Jan 29, 2009