Configuration Weakness in Sun Application Server 9.0 Admin Console
CVE-2007-4511

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Application Server
Vendor: CVE Published:; 23 August 2007

Summary

The Sun Admin Console in Sun Application Server 9.0_0.1 has a vulnerability that prevents certain configuration changes from being applied persistently. This results in the SSL and SSL_MutualAuth ORB listener services reverting to insecure defaults after a restart. Consequently, this may enable unauthorized remote attackers to exploit flexible SSL configurations, leading to potential circumvention of established security policies.

References

http://osvdb.org/45828

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/25400

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/36169

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Aug 23, 2007
Vulnerability Reserved
Aug 23, 2007