
Vulnerability Bulletins


Man-in-the-Middle attack in the reverse SSL Proxy Plugin of Sun ONE and Java System Application Server

Vulnerability classification

Property Value
Confidence level Official
Impact Confidentiality
Difficulty Expert
Required attacker level Remote access without an account to an exotic service

System information

Property Value
Affected manufacturer Commercial Software
Affected software Sun ONE Application Server 7
Sun Java System Application Server 7 2004Q2
Sun Java System Application Server Enterprise Edition 8.1 2005Q1

Description

A vulnerability has been discovered in Sun ONE Application Server 7, Sun Java System Application Server 7 2004Q2 and Sun Java System Application Server Enterprise Edition 8.1 2005Q1. The vulnerability lies in an unspecified error in the SSL proxy plugin, which can be used by the Sun Java System Web Server, Apache Web Server and Microsoft Internet Information Server (IIS) web servers.

A remote attacker could compromise sensitive data in the traffic between client and server by means of a "Man-in-the-Middle" attack.

Although not impossible, it would be very difficult to carry out an attack from outside the firewall protecting the vulnerable web server.

Solution



Software update

Sun
Sun ONE Application Server 7 / SPARC / Update 7
Sun ONE Application Server 7 / x86 / Update 7
Sun ONE Application Server 7 / Linux / Update 7
Sun ONE Application Server 7 / Windows / Update 7
Sun Java System Application Server 7 2004Q2 / SPARC / Update 3
Sun Java System Application Server 7 2004Q2 / x86 / Update 3
Sun Java System Application Server 7 2004Q2 / Linux / Update 3
Sun Java System Application Server 7 2004Q2 / Windows / Update 3
Sun Java System Application Server Enterprise Edition 8.1 2005Q1 / SPARC / (file based) patch 119169-03
Sun Java System Application Server Enterprise Edition 8.1 2005Q1 / x86 / (file based) patch 119170-03
Sun Java System Application Server Enterprise Edition 8.1 2005Q1 / x86 / (SVR4) patch 119167-11
Sun Java System Application Server Enterprise Edition 8.1 2005Q1 / Linux / (file based) patch 119171-04
Sun Java System Application Server Enterprise Edition 8.1 2005Q1 / Linux / RHEL2.1,RHEL3.0 (Pkg_patch) 119168-12
http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage

Standard resources

Property Value
CVE
BID

Other resources

Sun Alert Notification (102012)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102012-1

Version history

Version Comments Date
1.0 Advisory issued 2005-12-07
Ministerio de Defensa
CNI
CCN
CCN-CERT