Unrated severityNVD Advisory· Published Aug 7, 2009· Updated Jun 16, 2026
CVE-2009-2712
CVE-2009-2712
Description
Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files.
Affected products
34cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_linux:*:*:*:*:*+ 30 more
- cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_linux:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_linux:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_linux:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_linux:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_linux:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_linux:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:war:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_linux:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_linux:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_linux:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_x86:*:*:*:*:*
- (no CPE)range: 6.3 2005Q1, 7.0 2005Q4, 7.1
- cpe:2.3:a:sun:java_system_web_server:7.0:*:hp_ux:*:*:*:*:*
cpe:2.3:a:sun:opensso_enterprise:8.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:sun:opensso_enterprise:8.0:*:*:*:*:*:*:*
- (no CPE)range: 8.0
Patches
Vulnerability mechanics
References
6- sunsolve.sun.com/search/document.donvdPatch
- sunsolve.sun.com/search/document.donvdPatchVendor Advisory
- secunia.com/advisories/36169nvdVendor Advisory
- osvdb.org/56815nvd
- www.securityfocus.com/bid/35963nvd
- www.vupen.com/english/advisories/2009/2177nvd
News mentions
0No linked articles in our index yet.