PROBLEM:
Two vulnerabilities were reported in Sun Java System Access Manager. A remote authenticated user can partially access data on the target system. A remote user can partially modify data on the target system.
PLATFORM:
Sun Java versions 7.1, 8.0
ABSTRACT:
Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data.
REFERENCE LINKS:
SecurityTracker Alert ID: 1025408
CVE-2011-0844
CVE-2011-0847
Oracle Critical Patch Update Advisory
IMPACT ASSESSMENT:
Medium
DISCUSSION:
A remote authenticated user can partially access data on the target system. The Authentication component is affected. A remote user can partially modify data on the target system.
IMPACT:
Sun OpenSSO Enterprise is also affected.
SOLUTION:
Sun Java has issued a fix, described in their April 2011 Critical Patch Update advisory.
1. Critical Patch Updates
2. Java Version 6 Update 24
3. Java SE Downloads