CVE-2009-1074 - OpenCVE

Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to "ssl termination devices" and lack of support for relative URLs.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Sun	Java System Identity Manager

Configuration 1 [-]

OR	cpe:2.3:a:sun:java_system_identity_manager:7.0:::::::*
	cpe:2.3:a:sun:java_system_identity_manager:7.1:::::::*
	cpe:2.3:a:sun:java_system_identity_manager:7.1.1:::::::*
	cpe:2.3:a:sun:java_system_identity_manager:8.0:::::::*

References

Link	Resource
http://blogs.sun.com/security/entry/sun_alert_253267_sun_java	Patch
http://secunia.com/advisories/34380	Vendor Advisory
http://securitytracker.com/id?1021881
http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1	Patch Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1	Patch Vendor Advisory
http://www.securityfocus.com/bid/34191	Exploit Patch
http://www.vupen.com/english/advisories/2009/0797	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:23:58

Updated: 2022-10-03T16:23:58

Reserved: 2022-10-03T00:00:00

Link: CVE-2009-1074

JSON object: View

NVD Information

Status : Analyzed

Published: 2009-03-25T15:30:00.267

Modified: 2009-10-06T04:00:00.000

Link: CVE-2009-1074

JSON object: View

Redhat Information

No data.

CWE

CWE-310

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to \"ssl termination devices\" and lack of support for relative URLs."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:23:58", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "253267", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1"}, {"name": "1021881", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1021881"}, {"name": "34191", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/34191"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://blogs.sun.com/security/entry/sun_alert_253267_sun_java"}, {"name": "ADV-2009-0797", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0797"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1"}, {"name": "34380", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34380"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1074", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to \"ssl termination devices\" and lack of support for relative URLs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "253267", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1"}, {"name": "1021881", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1021881"}, {"name": "34191", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34191"}, {"name": "http://blogs.sun.com/security/entry/sun_alert_253267_sun_java", "refsource": "CONFIRM", "url": "http://blogs.sun.com/security/entry/sun_alert_253267_sun_java"}, {"name": "ADV-2009-0797", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0797"}, {"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1", "refsource": "CONFIRM", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1"}, {"name": "34380", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34380"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1074", "datePublished": "2022-10-03T16:23:58", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:23:58", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "0980492E-B7DB-4B9F-A400-FDC47DB89A95", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A5C87C0-3734-4568-97A6-6AB8979AABE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E1E3B2F0-90E6-4868-915F-87131711EEE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "90BC0B23-0CEE-489B-B89A-8776272EC8D2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to \"ssl termination devices\" and lack of support for relative URLs."}, {"lang": "es", "value": "Sun Java System Identity Manager (IdM) v7.0 y v8.0, no usa SSL en todas las circunstancias que cabr\u00eda esperar, esto facilita a los atacantes remotos obtener informaci\u00f3n sensible rastreando la red. Est\u00e1 relacionado con \"dispositivos de terminaci\u00f3n ssl\" y una carencia de soporte de URLs relativas."}], "id": "CVE-2009-1074", "lastModified": "2009-10-06T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-03-25T15:30:00.267", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://blogs.sun.com/security/entry/sun_alert_253267_sun_java"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/34380"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1021881"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/34191"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/0797"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}