java

Redirect vulnerability reported in Sun Java System Web Server

Filed in archive Security on August 3, 2007

Here is another security threat as vulnerability has been figured out in Sun Java System Web Server which can be exploited for carrying out HTTP header injection and HTTP response splitting attacks and at the same time there is a risk of losing sensitive information.

The reason behind the vulnerability is an unspecified error within the redirect feature which can be exploited in case redirect Server Application Function is set to use the url-prefix parameter coupled with escape parameter being set to no or Error directive uses the url-prefix parameter in the obj.conf file. One needs to apply Web Server 6.1 service pack 8 or later and Web Server 7.0 Update 1 or later to counter this problem. Click here for the solution.

Related Entries:

« Access free Ajax programm... | Main | Are we inching closer tow... »

Permalink: Redirect vulnerability reported in Sun Java System Web Server

Tags: Sun Java System Web Server vulnerability SunJava java java+system

Vote for Redirect vulnerability reported in Sun Java System Web Server:

Currently 8.00/10
1
2
3
4
5
6
7
8
9
10

Rating: 8.00 out of 4 vote(s) cast.

Add your response to Redirect vulnerability reported in Sun Java System Web Server:

Name: *

Email: (will never be shown)*

URL:

(* marked fields are required)

Notify me if more comments appear?

Subscribe to Java Entrepreneur newsletter? (Newsletters are sent out weekly).

Remember me

Security Code: *
(Please help us to sort out spam.)

Please enter your comment here: (Sorry, no HTML is allowed - URLs will be made clickable automatically if you add http:// to your URL.)

We welcome your comments, however all comments are moderated. Offensive or off-topic comments will be deleted and not displayed.

Share It

RSS
Google
Yahoo!
Addthis
Bloglines
Twitter	Follow us on Twitter!

Tagcloud

All contents are protected by copyright. | Terms of Use | Privacy Policy | Contact Us