The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Sun Application Server: man in the middle attack on Proxy Plug-in

Synthesis of the vulnerability 

An attacker can conduct a "man in the middle" attack on the SSL Proxy Plug-in in order to obtain sensitive information.
Impacted systems: Sun AS.
Severity of this alert: 2/4.
Creation date: 06/12/2005.
References of this alert: 102012, 6210327, BID-15728, CVE-2005-4046, VIGILANCE-VUL-5399.

Description of the vulnerability 

The Proxy Plug-in of Sun Java System Application Server can connect to a web server:
 - Sun Java System Web Server
 - Apache Web Server
 - Microsoft Internet Information Server

Sun announced that an attacker can use a vulnerability in the SSL Proxy Plug-in to act as a "man in the middle". The attacker can thus intercept data between the client and the server.

The subject of the bug ID associated with this vulnerability only describes a memory problem ("Appserver reverse proxy plugin causes cache memory growth").

This computer vulnerability note impacts software or systems such as Sun AS.

Our Vigil@nce team determined that the severity of this computer vulnerability announcement is medium.

The trust level is "confirmed by the editor", and the origin of the attack is an intranet client.

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat 

Sun Application Server: patch for SSL Proxy Plug-in.
The following versions are corrected:
SPARC
    * Sun ONE Application Server 7 Update 7
    * Sun Java System Application Server 7 2004Q2 Update 3
    * Sun Java System Application Server Enterprise Edition 8.1 2005Q1 (file based) : patch 119169-03
x86
    * Sun ONE Application Server 7 Update 7
    * Sun Java System Application Server 7 2004Q2 Update 3
    * Sun Java System Application Server Enterprise Edition 8.1 2005Q1 (file based) : patch 119170-03
    * Sun Java System Application Server Enterprise Edition 8.1 2005Q1 (SVR4) : patch 119167-11
Linux
    * Sun ONE Application Server 7 Update 7
    * Sun Java System Application Server 7 2004Q2 Update 3
    * Sun Java System Application Server Enterprise Edition 8.1 2005Q1 (file based) : patch 119171-04
    * Sun Java System Application Server Enterprise Edition 8.1 2005Q1 (Pkg_patch) : patch 119168-12
Windows
    * Sun ONE Application Server 7 Update 7
    * Sun Java System Application Server 7 2004Q2 Update 3
