The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 102012 Security Vulnerability With Sun Java System Application Server Reverse SSL Proxy Plugin

Guest Author
Product: Sun Java System Application Server Standard Edition 7 2004Q2, Sun ONE Application Server 7, Standard Edition, Sun Java System Application Server Enterprise Edition 8.1 2005Q1

A security vulnerability exists in the Proxy Plug-in for certain Sun ONE and Java System Application Server products when the plug-in is used with a supported web server, such as Sun Java System Web Server, Apache Web Server or Microsoft Internet Information Server (IIS). This vulnerability may allow a "Man-in-the-Middle" condition to be exploited and possibly compromise data privacy between the client and the server.

Note: Though not impossible, it will be difficult to carry out this exploit from outside the firewall in front of the web server.

Avoidance: Patch, Upgrade
State: Resolved
First released: 05-Dec-2005

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.