CVE-2009-1074

Sun Java System Identity Manager 7.0-8.0 - Information Disclosure via Unencrypted Network Traffic

Title source: llm

Description

Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to "ssl termination devices" and lack of support for relative URLs.

References (7)

Core 7

Core References

Patch, Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1021881

Exploit, Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/34191

Patch x_refsource_confirm

http://blogs.sun.com/security/entry/sun_alert_253267_sun_java

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/0797

Patch, Vendor Advisory x_refsource_confirm

http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/34380

Scores

EPSS 0.0065

EPSS Percentile 71.1%

Details

CWE

CWE-310

Status published

Products (4)

sun/java_system_identity_manager 7.0

sun/java_system_identity_manager 7.1

sun/java_system_identity_manager 7.1.1

sun/java_system_identity_manager 8.0

Published Mar 25, 2009

Tracked Since Feb 18, 2026