
T-606: Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data

April 20, 2011 - 3:58am


PROBLEM:

Two vulnerabilities were reported in Sun Java System Access Manager. A remote authenticated user can partially access data on the target system. A remote user can partially modify data on the target system.

PLATFORM:

Sun Java versions 7.1, 8.0

ABSTRACT:

Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data.

REFERENCE LINKS:

SecurityTracker Alert ID: 1025408
CVE-2011-0844
CVE-2011-0847
Oracle Critical Patch Update Advisory

IMPACT ASSESSMENT:

Medium

Discussion:

A remote authenticated user can partially access data on the target system. The Authentication component is affected. A remote user can partially modify data on the target system.

Impact:

Sun OpenSSO Enterprise is also affected.

Solution:

Sun Java has issued a fix, described in their April 2011 Critical Patch Update advisory.

1. Critical Patch Updates
2. Java Version 6 Update 24
3. Java SE Downloads

 
