VULHUB ™

JSCI SSO has been reported prone to an access validation vulnerability under certain circumstances. The issue presents itself in pattern-matching tags contained in JSCI SSO configuration files; these tags are used when controlling access to Java applications. It has been reported that these pattern-matching tags match an entire URI rather than the relative path to the secured Java application. This may mean that if the protected Java application is moved and has a different context root, JSCI SSO will not protect it.

JSCI SSO has been reported prone to an access validation vulnerability under certain circumstances. The issue presents itself in pattern-matching tags contained in JSCI SSO configuration files; these tags are used when controlling access to Java applications. It has been reported that these pattern-matching tags match an entire URI rather than the relative path to the secured Java application. This may mean that if the protected Java application is moved and has a different context root, JSCI SSO will not protect it.