Sun Java System Web Proxy Server FTP Subsystem Denial of Service Vulnerability

Bugtraq ID:	30671
Class:	Unknown
CVE:	CVE-2008-3683
Remote:	Yes
Local:	No
Published:	Aug 12 2008 12:00AM
Updated:	May 07 2015 05:24PM
Credit:	Joxean Koret
Vulnerable:	Sun Java System Web Proxy Server 4.0.5 Sun Java System Web Proxy Server 4.0
Not Vulnerable:

Sun Java System Web Proxy Server FTP Subsystem Denial of Service Vulnerability

Sun Java System Web Proxy Server is prone to a denial-of-service vulnerability caused by an unspecified error in the FTP subsystem.

An unprivileged attacker can exploit this issue to prevent the proxy server from accepting new connections, resulting in denial-of-service conditions.

This issue affects Sun Java System Web Proxy Server 4.0 through 4.0.5 for SPARC, x86, Linux, Windows, and HP-UX platforms.

Sun Java System Web Proxy Server FTP Subsystem Denial of Service Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Sun Java System Web Proxy Server FTP Subsystem Denial of Service Vulnerability

Solution:
Sun has released patches and an advisory. Please see the references for more information.

Sun Java System Web Proxy Server FTP Subsystem Denial of Service Vulnerability

References:

• Sun Java System Web Proxy Server (Sun Microsystems)
  
• Solution 240327: A Security Vulnerability in the ftp Subsystem of Sun Java Syste (Sun Microsystems)