Sun Java System Application Server Reverse SSL Proxy Plug-in Vulnerability

Secunia Advisory: SA17873
Release Date: 2005-12-06
Critical: Less critical
Impact: Hijacking
Where: From remote
Solution Status: Vendor Patch
Software: Sun Java System Application Server (Sun ONE) 7.x; Sun Java System Application Server 8.x

Description: A vulnerability has been reported in Sun ONE and Java System Application Server, which can potentially be exploited by malicious people to conduct MitM (Man-in-the-Middle) attacks.
The vulnerability is caused by an unspecified error in the Proxy Plug-in for Sun ONE and Java System Application Server when the plug-in is used with a web server. This may be exploited to conduct MitM (Man-in-the-Middle) attacks. It is reportedly possible to exploit this vulnerability from outside the firewall, although it will be difficult.
The vulnerability has been reported in the following products:
* Sun ONE Application Server 7.
* Sun Java System Application Server Standard Edition 7 2004Q2.
* Sun Java System Application Server Enterprise Edition 8.1 2005Q1.
Solution: Apply updates.
-- SPARC Platform --
Sun ONE Application Server 7:
Apply Update 7 or later.
Sun Java System Application Server 7 2004Q2:
Apply Update 3 or later.
Sun Java System Application Server Enterprise Edition 8.1 2005Q1:
Apply (file based) patch 119169-03 or later.
-- x86 Platform --
Sun ONE Application Server 7:
Apply Update 7 or later.
Sun Java System Application Server 7 2004Q2:
Apply Update 3 or later.
Sun Java System Application Server Enterprise Edition 8.1 2005Q1:
Apply (file based) patch 119170-03 or later, or (SVR4) patch 119167-11 or later.
-- Linux Platform --
Sun ONE Application Server 7:
Apply Update 7 or later.
Sun Java System Application Server 7 2004Q2:
Apply Update 3 or later.
Sun Java System Application Server Enterprise Edition 8.1 2005Q1:
Apply (file based) patch 119171-04 or later.
Sun Java System Application Server Enterprise Edition 8.1 2005Q1 with RHEL2.1/RHEL3.0:
Apply (Pkg_patch) 119168-12 or later.
-- Windows Platform --
Sun ONE Application Server 7:
Apply Update 7 or later.
Sun Java System Application Server 7 2004Q2:
Apply Update 3 or later.
Provided and/or discovered by: Reported by vendor.
Original Advisory: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102012-1
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.