The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 102822 Sun Java System Web Server May Allow A User with Revoked Client Certificate to Access Server Instance Under Certain Conditions

Guest Author
Product: Sun Java System Web Server 6.1

A security vulnerability in the Sun Java System Web Server may allow a local or remote user to gain authorized access to certain web server instances. When a secure web server instance is set up as a non-root instance through the admin server and that admin server is configured to run as root, this vulnerability may allow a user with a revoked client certificate to access the web server instance under certain conditions even if a valid Certificate Revocation List (CRL) file is installed for the instance.

Avoidance: Patch, Upgrade, Workaround
State: Resolved
First released: 14-Mar-2007

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.