Vigi@nce: Sun, denial of service via Java Proxy Web
August 2008 by Vigil@nce
An attacker can create a denial of service on the Sun Java Web Proxy Server - FTP subsystem.
Consequences: denial of service of service
Provenance: internet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 14/08/2008
Sun Java System Web Proxy Server [confidential versions]
Sun Java System Web Proxy is a proxy web which can also act like FTP gateway.
FTP subsystem does not properly close old connections.
An attacker can therefore launch a large number of connections stretch to the overload of the proxy, in order to create a denial of service.
Identifiers: 240327, 6590476, VIGILANCE-VUL-8030