ID | CVE-2007-4511 |
Summary |
The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply certain configuration changes persistently, which causes the (1) SSL and (2) SSL_MutualAuth ORB listener services to enable all protocols and ciphers after the services are restarted, possibly allowing remote attackers to bypass intended policy. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 5.0 (as of 15-10-2018 - 21:35) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access
Vector | Complexity | Authentication
NETWORK | LOW | NONE
|
Impact
Confidentiality | Integrity | Availability
NONE | NONE | PARTIAL
|
cvss-vector via4 | AV:N/AC:L/Au:N/C:N/I:N/A:P |
|
refmap via4
bid | 25400
bugtraq | 20070822 Encryption Weakness in Sun Sun AS 9.0_0.1 (build b02-p01)
osvdb | 45828
xf | sun-applicationserver-ssl-weak-security(36169)
|
Last major update | 15-10-2018 - 21:35 |
Published | 23-08-2007 - 19:17 |
Last modified | 15-10-2018 - 21:35 |