Sun Java System Access Manager Vulnerability in Cross Domain Single Sign On
CVE-2009-2713
Currently unrated
Summary
The CDCServlet component in Sun Java System Access Manager versions 7.0 2005Q4 and 7.1 has a security flaw that applies when Cross Domain Single Sign On (CDSSO) is enabled. The component mishandles "policy advice": it fails to ensure that the presented policy advice is directed to the appropriate client. Remote attackers can potentially exploit this, through unspecified vectors, to access sensitive user information.