Vigil@nce: Sun, denial of service via Java Web Proxy
August 2008 by Vigil@nce
SYNTHESIS
An attacker can create a denial of service in the FTP subsystem of
the Sun Java Web Proxy Server.
Gravity: 3/4
Consequences: denial of service of service
Provenance: internet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 14/08/2008
Identifier: VIGILANCE-VUL-8030
IMPACTED PRODUCTS
– Sun Java System Web Proxy Server [confidential versions]
DESCRIPTION
Sun Java System Web Proxy is a web proxy which can also act as an
FTP gateway.
The FTP subsystem does not properly close old connections.
An attacker can therefore open a large number of connections
until the proxy is overloaded, in order to create a denial
of service.
CHARACTERISTICS
Identifiers: 240327, 6590476, VIGILANCE-VUL-8030