5 matches found
CVE-2009-2713
Sun Java System Access Manager 7.0 (2005Q4) and 7.1 with Cross Domain Single Sign On enabled is affected by CVE-2009-2713. The issue is that the CDCServlet component does not ensure policy advice is presented to the correct client, enabling potential information disclosure via unspecified vectors...
CVE-2009-1934
Sun Java System Web Server 6.1 (Reverse Proxy Plug-in) is vulnerable to an XSS issue (CVE-2009-1934) in scenarios that trigger a 502 Gateway error. The vulnerability affects the Reverse Proxy Plug-in before SP11, allowing remote attackers to inject arbitrary script via the query string. The avail...
CVE-2009-2712
CVE-2009-2712 affects Sun Java System Access Manager (6.3/2005Q1, 7.0/2005Q4, 7.1) and OpenSSO/OpenSSO Enterprise 8.0. When AMConfig.properties enables the debug flag, local users can read debug files and discover cleartext passwords (information disclosure; confidentiality impact). Patch referen...
CVE-2009-2445
The CVE-2009-2445 issue affects Oracle iPlanet Web Server (formerly Sun Java System Web Server) on Windows, specifically 6.1 before SP12 and 7.0 through Update 6. The vulnerability permits remote attackers to disclose arbitrary JSP files by exploiting an alternate data stream syntax (for example,...
CVE-2009-3878
The CVE refers to a buffer overflow in Sun Java System Web Server 7.0 Update 6. The connected OpenVAS entries confirm Windows and Linux variants of a Sun Java System Web Server Buffer Overflow vulnerability (CPE: s sun java_system_web_server). The root cause is a buffer overflow in the server com...