|Applies To||RSA ClearTrust 4.6.1 Authorization Server (AServer)|
Sun Solaris 2.7
|Issue||Sun security alert #00208|
|Resolution||RSA Security Engineers have assessed the impact of the Sun security alert #00208 with the following results:|
Sun security alert #00208 will not apply to the ClearTrust product suite from RSA Security.
The alert relates to a security vulnerability on the browser machine, not the server machine. The JRE in question is one that will be invoked by browser, not one that is used by any server processes (including ClearTrust server processes).
The problem identified in the alert involves both applets and the system clipboard - neither of which are employed in any fashion by ClearTrust.
For this to be an issue on a machine it must have one of 2 scenarios:
1. The user has installed a malicious applet designed to access the clipboard of users of their site
2. The user would have to be using a browser to access a third-party site with such a malicious applet
In both cases, this alert involves a problem which does not relate to the presence (or absence) of a ClearTrust installation.
|Legacy Article ID||a7038|