CVE-2009-0348
Sun Java System Access Manager 7.1 - 'Username' Enumeration
Severity Score: 5.0 (CVSS v2)
Public Exploits: 1 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
*Credits:
N/A
Timeline
- 2009-01-27 First Exploit
- 2009-01-29 CVE Reserved
- 2009-01-29 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References (7)
URL | Tag | Date |
---|---|---|
http://www.securityfocus.com/bid/33489 | Vdb Entry | |
http://www.vupen.com/english/advisories/2009/0269 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/48283 | Vdb Entry | |
https://www.exploit-db.com/exploits/32762 | | 2009-01-27 |
http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-15-1 | | 2017-08-08 |
http://sunsolve.sun.com/search/document.do?assetkey=1-66-242026-1 | | 2017-08-08 |
http://secunia.com/advisories/33688 | | 2017-08-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sun | Java System Access Manager | 6.3_2005q1 | solaris_10_linux | Affected |
Sun | Java System Access Manager | 6.3_2005q1 | solaris_10_sparc | Affected |
Sun | Java System Access Manager | 6.3_2005q1 | solaris_10_windows | Affected |
Sun | Java System Access Manager | 6.3_2005q1 | solaris_10_x86 | Affected |
Sun | Java System Access Manager | 6.3_2005q1 | solaris_8_linux | Affected |
Sun | Java System Access Manager | 6.3_2005q1 | solaris_8_sparc | Affected |
Sun | Java System Access Manager | 6.3_2005q1 | solaris_8_windows | Affected |
Sun | Java System Access Manager | 6.3_2005q1 | solaris_8_x86 | Affected |
Sun | Java System Access Manager | 6.3_2005q1 | solaris_9_linux | Affected |
Sun | Java System Access Manager | 6.3_2005q1 | solaris_9_sparc | Affected |
Sun | Java System Access Manager | 6.3_2005q1 | solaris_9_windows | Affected |
Sun | Java System Access Manager | 6.3_2005q1 | solaris_9_x86 | Affected |
Sun | Java System Access Manager | 7.1 | solaris_10_linux | Affected |
Sun | Java System Access Manager | 7.1 | solaris_10_sparc | Affected |
Sun | Java System Access Manager | 7.1 | solaris_10_windows | Affected |
Sun | Java System Access Manager | 7.1 | solaris_10_x86 | Affected |
Sun | Java System Access Manager | 7.1 | solaris_8_linux | Affected |
Sun | Java System Access Manager | 7.1 | solaris_8_sparc | Affected |
Sun | Java System Access Manager | 7.1 | solaris_8_windows | Affected |
Sun | Java System Access Manager | 7.1 | solaris_8_x86 | Affected |
Sun | Java System Access Manager | 7.1 | solaris_9_linux | Affected |
Sun | Java System Access Manager | 7.1 | solaris_9_sparc | Affected |
Sun | Java System Access Manager | 7.1 | solaris_9_windows | Affected |
Sun | Java System Access Manager | 7.1 | solaris_9_x86 | Affected |
Sun | Java System Access Manager | 7_2005q4 | solaris_10_linux | Affected |
Sun | Java System Access Manager | 7_2005q4 | solaris_10_sparc | Affected |
Sun | Java System Access Manager | 7_2005q4 | solaris_10_windows | Affected |
Sun | Java System Access Manager | 7_2005q4 | solaris_10_x86 | Affected |
Sun | Java System Access Manager | 7_2005q4 | solaris_8_linux | Affected |
Sun | Java System Access Manager | 7_2005q4 | solaris_8_sparc | Affected |
Sun | Java System Access Manager | 7_2005q4 | solaris_8_windows | Affected |
Sun | Java System Access Manager | 7_2005q4 | solaris_8_x86 | Affected |
Sun | Java System Access Manager | 7_2005q4 | solaris_9_linux | Affected |
Sun | Java System Access Manager | 7_2005q4 | solaris_9_sparc | Affected |
Sun | Java System Access Manager | 7_2005q4 | solaris_9_windows | Affected |
Sun | Java System Access Manager | 7_2005q4 | solaris_9_x86 | Affected |