The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote malicious users to obtain sensitive information via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sun java system access manager 7_2005q4 |
||
sun java system access manager 7.1 |
||
sun java system access manager 6.3_2005q1 |
||
sun java system access manager 7.0_2005q4 |
||
sun java system web server 7.0 |