Unrated severityNVD Advisory· Published Aug 7, 2009· Updated Apr 23, 2026

CVE-2009-2713

Description

The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.

Affected products

Sun Corporation/Java System Access Manager30 versions
cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_linux:*:*:*:*:*+ 29 more
- cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_linux:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_linux:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_linux:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_linux:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_linux:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_linux:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:war:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_linux:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_linux:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_linux:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_x86:*:*:*:*:*
Sun Corporation/Java System Web Server
cpe:2.3:a:sun:java_system_web_server:7.0:*:hp_ux:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sunsolve.sun.com/search/document.donvdPatch
www.securityfocus.com/bid/35961nvdPatch
secunia.com/advisories/36167nvdVendor Advisory
sunsolve.sun.com/search/document.donvdVendor Advisory
www.vupen.com/english/advisories/2009/2176nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000