Vulnerability Description
Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Java System Web Server | 6.1 |
References
- http://osvdb.org/34074
- http://secunia.com/advisories/24531
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102822-1PatchVendor Advisory
- http://www.securitytracker.com/id?1017777
- http://www.vupen.com/english/advisories/2007/0958
- http://osvdb.org/34074
- http://secunia.com/advisories/24531
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102822-1PatchVendor Advisory
- http://www.securitytracker.com/id?1017777
- http://www.vupen.com/english/advisories/2007/0958
FAQ
What is CVE-2007-1526?
CVE-2007-1526 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secur...
How severe is CVE-2007-1526?
CVE-2007-1526 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1526?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Java System Web Server.