CVE-2009-2713

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Access Manager
Vendor: CVE Published:; 7 August 2009

Summary

The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-21-...

x_refsource_CONFIRM

http://secunia.com/advisories/36167

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/35961

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Aug 7, 2009
Vulnerability Reserved
Aug 7, 2009