Vulnerability Details CVE-2009-1075
Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the Forgot Password feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.7%
CVSS Severity
CVSS v2 Score 5.0
References
- http://blogs.sun.com/security/entry/sun_alert_253267_sun_java
- http://secunia.com/advisories/34380
- http://securitytracker.com/id?1021881
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1
- http://www.securityfocus.com/bid/34191
- http://www.vupen.com/english/advisories/2009/0797
- http://blogs.sun.com/security/entry/sun_alert_253267_sun_java
- http://secunia.com/advisories/34380
- http://securitytracker.com/id?1021881
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1
- http://www.securityfocus.com/bid/34191
- http://www.vupen.com/english/advisories/2009/0797
Products affected by CVE-2009-1075
-
cpe:2.3:a:sun:java_system_identity_manager:7.0
-
cpe:2.3:a:sun:java_system_identity_manager:7.1
-
cpe:2.3:a:sun:java_system_identity_manager:7.1.1
-
cpe:2.3:a:sun:java_system_identity_manager:8.0