Sun Alert 102696 A Security Vulnerability in RSA Signature Verification Affects Sun Java System Application Server, Proxy Server and Web Server

Product: Sun Java System Application Server Standard Edition 7 2004Q2, Sun Java System Application Server Platform Edition 8.1 2005Q1, Sun Java System Web Proxy Server 4.0, Sun Java System Web Server 6.1, Sun Java System Application Server Enterprise Edition 7 2004Q2, Sun Java System Application Server Enterprise Edition 8.1 2005Q1, Sun ONE Web Server 6.0, Sun Java System Web Proxy Server 3.6

Sun Java System Application Server, Sun Java System Proxy Server and Sun Java System Web Server are affected by an RSA signature verification vulnerability which may allow remote unprivileged users to construct certificates with forged signatures that go undetected and are accepted as valid.

This issue is also described in the following documents:

CERT VU#845620 at http://www.kb.cert.org/vuls/id/845620

CVE-2006-4339 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339

Avoidance: Patch, Upgrade
State: Workaround
First released: 03-Nov-2006