Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply certain configuration changes persistently, which causes the (1) SSL and (2) SSL_MutualAuth ORB listener services to enable all protocols and ciphers after the services are restarted, possibly allowing remote attackers to bypass intended policy.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sun Java系统应用服务器管理控制台加密协议选择漏洞
Vulnerability Description
Sun Java系统应用服务器是与J2EE平台兼容的应用服务器。 Sun应用服务器处理SSL的设置时存在漏洞,远程攻击者可能利用此漏洞非授权访问应用系统。 Sun服务器使用Sun管理控制台控制和更改SSL密码,而通过管理用户界面更改ORB监听程序(SSL和SSL_MutualAuth)不能确保在软件中也做了相应的更改,在重启服务/域后所有的SSL设置仍为默认,也就是允许所有协议和密码。这意味着无论在应用服务器的SUN管理用户界面做了何种选择,都不会影响SSL设置。
CVSS Information
N/A
Vulnerability Type
N/A