首 页  |  微点新闻  |  业界动态  |  安全资讯  |  安全快报  |  产品信息  |  网络版首页
通行证  |  客服中心  |  微点社区  |  微点邮局  |  常见问题  |  在线订购  |  各地代理商
 

首页 > 最新漏洞 > 正文
Sun Java System Access Manager Debug文件信息泄露
来源:  2009-11-23 16:32:15

来源

secunia.com

软件名

Sun Java System Access Manager 6.x
Sun Java System Access Manager 7.x
Sun OpenSSO Enterprise 8.x

描述

应用程序在debug文件中储存清除的文本密码时如果AMConfig.properties配置文件中的"com.iplanet.services.debug.level"属性设为"message"的话,这就会导致Sun Java System Access Manager管理的用户认证被非授权访问。
该漏洞在Sun Java System Access Manager 6 2005Q1, 7 2005Q4, 7.1,和OpenSSO Enterprise 8.0中已经报告

解决方案

应用补丁
-- SPARC Platform --

Sun Java System Access Manager 6.3 2005Q1 (for Solaris 8, 9 and 10):
应用补丁119465-16 或最新.
http://sunsolve.sun.com/search/d ... id:1-21-119465-16-1

Sun Java System Access Manager 7.0 2005Q4 (for Solaris 8, 9 and 10):
应用补丁120954-10或最新.
http://sunsolve.sun.com/search/d ... id:1-21-120954-10-1

Sun Java System Access Manager 7.1 (for Solaris 8, 9 and 10):
应用补丁 126356-03或最新.
http://sunsolve.sun.com/search/d ... id:1-21-126356-03-1

-- x86 Platform --

Sun Java System Access Manager 6.3 2005Q1 (for Solaris 8, 9 and 10):
应用补丁 119465-16或最新.
http://sunsolve.sun.com/search/d ... id:1-21-119465-16-1

Sun Java System Access Manager 7.0 2005Q4 (for Solaris 9 and 10):
应用补丁 120955-10 或最新
http://sunsolve.sun.com/search/d ... id:1-21-120955-10-1

Sun Java System Access Manager 7.1 (for Solaris 8, 9 and 10):
应用补丁126357-03或最新.
http://sunsolve.sun.com/search/d ... id:1-21-126357-03-1

-- Linux --

Sun Java System Access Manager 6.3 2005Q1:
应用补丁 119502-16或最新.
http://sunsolve.sun.com/search/d ... id:1-21-119502-16-1

Sun Java System Access Manager 7.0 2005Q4:
应用补丁 120956-10或最新.
http://sunsolve.sun.com/search/d ... id:1-21-120956-10-1

Sun Java System Access Manager 7.1:
应用补丁 126358-03或最新.
http://sunsolve.sun.com/search/d ... id:1-21-126358-03-1

-- Windows --

Sun Java System Access Manager 7.0 2005Q4:
应用补丁124296-10 或最新.
http://sunsolve.sun.com/search/d ... id:1-21-124296-10-1

Sun Java System Access Manager 7.1:
应用补丁 126359-03或最新.
http://sunsolve.sun.com/search/d ... id:1-21-126359-03-1

-- HP-UX --

Sun Java System Access Manager 7.0 2005Q4:
应用补丁 126371-10或最新.
http://sunsolve.sun.com/search/d ... id:1-21-126371-10-1

-- Other --

Sun Java System Access Manager 7.1 WAR file-based installation (all
platforms):
应用补丁 140504-03 或最新.
http://sunsolve.sun.com/search/d ... id:1-21-140504-03-1

OpenSSO Enterprise 8.0 (for all supported platforms):
应用补丁141655-01 或最新
http://sunsolve.sun.com/search/d ... id:1-21-141655-01-1
免费体验
下  载
安装演示