Lucene search

[email protected]NVD:CVE-2009-0348

HistoryJan 29, 2009 - 7:30 p.m.

CVE-2009-0348

2009-01-2919:30:00

CWE-200

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

87.1%

JSON

The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

Affected configurations

NVD

Node

sunjava_system_access_managerMatch6.3_2005q1solaris_10_linux

sunjava_system_access_managerMatch6.3_2005q1solaris_10_sparc

sunjava_system_access_managerMatch6.3_2005q1solaris_10_windows

sunjava_system_access_managerMatch6.3_2005q1solaris_10_x86

sunjava_system_access_managerMatch6.3_2005q1solaris_8_linux

sunjava_system_access_managerMatch6.3_2005q1solaris_8_sparc

sunjava_system_access_managerMatch6.3_2005q1solaris_8_windows

sunjava_system_access_managerMatch6.3_2005q1solaris_8_x86

sunjava_system_access_managerMatch6.3_2005q1solaris_9_linux

sunjava_system_access_managerMatch6.3_2005q1solaris_9_sparc

sunjava_system_access_managerMatch6.3_2005q1solaris_9_windows

sunjava_system_access_managerMatch6.3_2005q1solaris_9_x86

sunjava_system_access_managerMatch7.1solaris_10_linux

sunjava_system_access_managerMatch7.1solaris_10_sparc

sunjava_system_access_managerMatch7.1solaris_10_windows

sunjava_system_access_managerMatch7.1solaris_10_x86

sunjava_system_access_managerMatch7.1solaris_8_linux

sunjava_system_access_managerMatch7.1solaris_8_sparc

sunjava_system_access_managerMatch7.1solaris_8_windows

sunjava_system_access_managerMatch7.1solaris_8_x86

sunjava_system_access_managerMatch7.1solaris_9_linux

sunjava_system_access_managerMatch7.1solaris_9_sparc

sunjava_system_access_managerMatch7.1solaris_9_windows

sunjava_system_access_managerMatch7.1solaris_9_x86

sunjava_system_access_managerMatch7_2005q4solaris_10_linux

sunjava_system_access_managerMatch7_2005q4solaris_10_sparc

sunjava_system_access_managerMatch7_2005q4solaris_10_windows

sunjava_system_access_managerMatch7_2005q4solaris_10_x86

sunjava_system_access_managerMatch7_2005q4solaris_8_linux

sunjava_system_access_managerMatch7_2005q4solaris_8_sparc

sunjava_system_access_managerMatch7_2005q4solaris_8_windows

sunjava_system_access_managerMatch7_2005q4solaris_8_x86

sunjava_system_access_managerMatch7_2005q4solaris_9_linux

sunjava_system_access_managerMatch7_2005q4solaris_9_sparc

sunjava_system_access_managerMatch7_2005q4solaris_9_windows

sunjava_system_access_managerMatch7_2005q4solaris_9_x86

References

secunia.com/advisories/33688

sunsolve.sun.com/search/document.do?assetkey=1-21-119465-15-1

sunsolve.sun.com/search/document.do?assetkey=1-66-242026-1

www.securityfocus.com/bid/33489

www.vupen.com/english/advisories/2009/0269

exchange.xforce.ibmcloud.com/vulnerabilities/48283

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

87.1%

JSON

Related for NVD:CVE-2009-0348

cve1 prion1 cvelist1 nessus18