J-Security Center

Title: Oracle Webcache SSL Encryption Downgrade Weakness

Severity: MODERATE

Description:

A security weakness was reported in Oracle Webcache. The issue is that documents may be served with weaker SSL encryption than configured in Oracle HTTP Server.

Specifically, if Oracle HTTP Server is configured to use 128-bit encryption, Oracle Webcache will actually serve those documents with 40-bit encryption. This could result in a false sense of security.

This issue was mentioned in the patch readme for the Oracle Critical Patch Update for July. This issue is listed as bug ID 2972458. Oracle has not released any further information about this weakness.
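Because the strength that matters is the one negotiated by the tier clients actually connect to, each tier can be checked separately against the configured minimum. The following is an added example, not part of the original advisory or of any Oracle tooling; the tier names, sample tuples and the host in the final comment are constructed or hypothetical.

```python
import socket
import ssl

MIN_BITS = 128  # strength configured on Oracle HTTP Server in the advisory's scenario


def negotiated_cipher(host, port, timeout=5.0):
    """Handshake with host:port; return (cipher_name, protocol, secret_bits)."""
    ctx = ssl.create_default_context()
    # Audit probe only: the cipher is wanted even when the certificate is
    # self-signed or expired, so certificate checks are switched off here.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.cipher()


def audit_tiers(observed, min_bits=MIN_BITS):
    """observed maps tier name -> cipher tuple; return the tiers below policy."""
    findings = []
    for tier, (name, protocol, bits) in sorted(observed.items()):
        if bits < min_bits:
            findings.append(
                f"{tier}: {name} ({protocol}) uses {bits}-bit keys, below {min_bits}"
            )
    return findings


# Constructed sample: tuples in the shape ssl.SSLSocket.cipher() returns.
SAMPLE = {
    "origin (Oracle HTTP Server)": ("RC4-MD5", "SSLv3", 128),
    "front end (Web Cache)": ("EXP-RC4-MD5", "SSLv3", 40),
}

if __name__ == "__main__":
    for line in audit_tiers(SAMPLE):
        print(line)
    # Live use (hypothetical host and port):
    # audit_tiers({"front end": negotiated_cipher("cache.example.com", 443)})
```

Current OpenSSL builds no longer offer 40-bit export suites, so a handshake failure from `negotiated_cipher` against the front end is itself worth following up with a scanner that can still enumerate them.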

Affected Products:

  • Oracle Oracle9i Application Server Web Cache 9.0.2.3
