PT-2007-5687 · Sun · Application Server

Published: 2007-08-23 · Updated: 2018-10-15 · CVE-2007-4511

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Sun Application Server version 9.0 0.1

Description

The Sun Admin Console in the affected version does not persistently apply certain configuration changes. This issue affects the SSL and SSL MutualAuth ORB listener services, causing them to enable all protocols and ciphers after a restart. As a result, remote attackers may be able to bypass the intended security policy.

Recommendations

For Sun Application Server version 9.0 0.1, manually reapply the desired configuration changes to the SSL and SSL MutualAuth ORB listener services after each restart to maintain the intended security settings. Consider temporarily disabling the automatic restart of these services until a more permanent solution is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2007-4511

Affected Products

Application Server