000018825 - Sun security alert #00208

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000018825
Applies ToRSA ClearTrust 4.6.1 Authorization Server (AServer)
Sun Solaris 2.7
IssueSun security alert #00208
ResolutionRSA Security Engineers have assessed the impact of the Sun security alert #00208 with the following results:

Sun security alert #00208 will not apply to the ClearTrust product suite from RSA Security.

The alert relates to a security vulnerability on the browser machine, not the server machine. The JRE in question is one that will be invoked by browser, not one that is used by any server processes (including ClearTrust server processes).

The problem identified in the alert involves both applets and the system clipboard - neither of which are employed in any fashion by ClearTrust.  
For this to be an issue on a machine it must have one of 2 scenarios:

1. The user has installed a malicious applet designed to access the clipboard of users of their site

2. The user would have to be using a browser to access a third-party site with such a malicious applet

In both cases, this alert involves a problem which does not relate to the presence (or absence) of a ClearTrust installation.
Legacy Article IDa7038