Vulnerability in Sun Java_system_access_manager

CVE-2009-2712

Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files.

EPSS: 0.004 (28.7th percentile) — read the EPSS interpretation.

Affected products

Sun Java_system_access_manager — versions 6.3_2005q1, 7.1, 7_2005q4
Sun Java_system_web_server — versions 7.0
Sun Opensso_enterprise — versions 8.0
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

cve@mitre.org (x_refsource_OSVDB, vdb-entry)
cve@mitre.org (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
cve@mitre.org (x_refsource_CONFIRM, Patch)
cve@mitre.org (vendor-advisory, Patch, x_refsource_SUNALERT, Vendor Advisory)
cve@mitre.org (vdb-entry, x_refsource_VUPEN)