java

Vulnerability Reported In Sun Java System Products

Filed in archive Security on November 8, 2006

Vulnerability has been reported in Sun Java System and Sun ONE Application Server. The cause is being attributed to an error in OpenSSL which could be targeted by hackers for forging signatures without requiring any secret key.

The following products have been affected:

Sun Java System proxy Server 3.6
Sun Java System Web Server 6.0
Sun Java System Web Server 6.1
Sun ONE Application Server 7
Sun Java System Application Server 7 2004Q2
Sun Java System Application Server Platform Edition 8.1 2005 Q1
Sun Java System Application Server Enterprise Edition 8.1 2005 Q1

Avoid using RSA keys with an exponent of three. OpenSSL 0.9.7 branch users must upgrade to 0.9.7k version or later and OpenSSL 0.9.8 branch users must upgrade to 0.9.8c or later. Up till now there is no report of an official patch.

Related Entries:

« Open Source Java Plans Fi... | Main | Java and Vista to Get alo... »

Permalink: Vulnerability Reported In Sun Java System Products

Tags: sun java OpenSSL Sun ONE Application Server system java+system

Vote for Vulnerability Reported In Sun Java System Products:

Currently 8.67/10
1
2
3
4
5
6
7
8
9
10

Rating: 8.67 out of 3 vote(s) cast.

Add your response to Vulnerability Reported In Sun Java System Products:

Name: *

Email: (will never be shown)*

URL:

(* marked fields are required)

Notify me if more comments appear?

Subscribe to Java Entrepreneur newsletter? (Newsletters are sent out weekly).

Remember me

Security Code: *
(Please help us to sort out spam.)

Please enter your comment here: (Sorry, no HTML is allowed - URLs will be made clickable automatically if you add http:// to your URL.)

We welcome your comments, however all comments are moderated. Offensive or off-topic comments will be deleted and not displayed.

Share It

Tagcloud

All contents are protected by copyright. | Terms of Use | Privacy Policy | Contact Us