Vulnerability Description
Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Java System Access Manager | 6.3_2005q1 |
| Sun | Java System Web Server | 7.0 |
| Sun | Opensso Enterprise | 8.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/56815
- http://secunia.com/advisories/36169Vendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-16-1Patch
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-256668-1PatchVendor Advisory
- http://www.securityfocus.com/bid/35963
- http://www.vupen.com/english/advisories/2009/2177
- http://osvdb.org/56815
- http://secunia.com/advisories/36169Vendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-16-1Patch
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-256668-1PatchVendor Advisory
- http://www.securityfocus.com/bid/35963
- http://www.vupen.com/english/advisories/2009/2177
FAQ
What is CVE-2009-2712?
CVE-2009-2712 is a vulnerability with a CVSS score of 2.1 (LOW). Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by readi...
How severe is CVE-2009-2712?
CVE-2009-2712 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2712?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Java System Access Manager, Sun Java System Web Server, Sun Opensso Enterprise.