Vigil@nce - Mule ESB: Man-in-the-middle of HTTP Connector
June 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can act as a Man-in-the-middle on the HTTP Connector
of Mule ESB, in order to capture or alter data.
Impacted products: Mule ESB
Severity: 2/4
Creation date: 21/04/2015
DESCRIPTION OF THE VULNERABILITY
The Mule ESB product uses the HTTP Connector to connect to web
sites.
However, the HTTP Connector does not check the X.509 certificate.
An attacker can therefore act as a Man-in-the-middle on the HTTP
Connector of Mule ESB, in order to capture or alter data.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Mule-ESB-Man-in-the-middle-of-HTTP-Connector-16684