Insecure Communication Flaw in Sun Java System Identity Manager
CVE-2009-1074

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Identity Manager
Vendor: CVE Published:; 25 March 2009

Summary

The Sun Java System Identity Manager versions 7.0 to 8.0 contain a vulnerability that allows sensitive information to be intercepted by attackers due to improper implementation of SSL encryption. This issue arises from the failure to enforce SSL in all necessary situations, particularly concerning SSL termination devices and the lack of support for relative URLs. As a result, attackers can easily sniff network traffic, leading to potential data breaches.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-66-...

vendor-advisoryx_refsource_SUNALERT

http://securitytracker.com/id?1021881

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/34191

vdb-entryx_refsource_BID

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Mar 25, 2009