CVE-2007-4511

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Application Server
Vendor: CVE Published:; 23 August 2007

Summary

The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply certain configuration changes persistently, which causes the (1) SSL and (2) SSL_MutualAuth ORB listener services to enable all protocols and ciphers after the services are restarted, possibly allowing remote attackers to bypass intended policy.

References

http://osvdb.org/45828

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/25400

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/36169

vdb-entryx_refsource_XF

EPSS Score

13% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 23, 2007
Vulnerability Reserved
Aug 23, 2007