Vulnerability in Sun Java_system_access_manager
CVE-2009-2713
The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to o…
EPSS: 0.017 (74.4th percentile)
Affected products
- Sun Java_system_access_manager — versions 6.3_2005q1, 7.1, 7_2005q4
- Sun Java_system_web_server — versions 7.0