« Access free Ajax... | Main | Are we inching closer... »

Redirect vulnerability reported in Sun Java System Web Server

Filed in archive Security by gautam on August 03, 2007

Sun Java System Web Server vulnerability.jpg

Here is another security threat as vulnerability has been figured out in Sun Java System Web Server which can be exploited for carrying out HTTP header injection and HTTP response splitting attacks and at the same time there is a risk of losing sensitive information.

The reason behind the vulnerability is an unspecified error within the redirect feature which can be exploited in case redirect Server Application Function is set to use the url-prefix parameter coupled with escape parameter being set to no or Error directive uses the url-prefix parameter in the obj.conf file. One needs to apply Web Server 6.1 service pack links

8 or later and Web Server 7.0 Update 1 or later to counter this problem. Click here for the solution.

Permalink: Redirect vulnerability reported in Sun Java System Web Server
Tags: Sun Java System Web Server vulnerability SunJava java java+system

Trackback: http://www.creative-weblogging.com/cgi-bin/mt-tb.pl/84584

Vulnerability reported in Sun Java System Web Server - 16 March 2007

Vulnerability reported in Java System Directory Server - 03 April 2007

Vulnerability reported in Sun Java System Application Server - 26 July 2007

Vote for Redirect vulnerability reported in Sun Java System Web Server:

Currently 8.00/10
1
2
3
4
5
6
7
8
9
10

Rating: 8.0 out of 4 vote(s) cast.

CW Toolbar
RSS	\| See all blog subscribe options
Google	\| What is RSS?
Yahoo!
Addthis
Bloglines
Newsletter

Advertisement - Book yours here.

Check out our Sponsored Blogs!
The Mobile Technology Weblog
latest news from

The JavaScript Framework Long Tail

Audible Ajax Episode 29: Interview with Google’s Gavin Doughtie

Cappuccino and Objective-J released as opensource

jTPS: Animated Sortable Datagrid jQuery plugin

gameQuery:

Dojo Multifile Uploader with Flash

Zend Framework 1.6: Dojo, SOAP, Testing, Tooling, and more

IE 8 Security and nosniff

Adding Custom Tags To Internet Explorer, The Official Way

Brendan discusses how TraceMonkey is climbing faster; Ruby on the Web with V8

Audible Ajax Episode 28: The State of Ajax, with Chrome and friends

Coverflow again…. with Canvas

Drag and drop via sneaky Textarea hack

Xsstc: Cross-site scripting through CSS data

QUnit: A simple look at the jQuery unit test framework

Google Chrome, Chromium, and V8

Firefox implements 3 CSS properties: text-shadow, -moz-box-shadow and -moz-column-rule

This Week in HTML5; Open Web Podcast with Anne van Kesteren

toStaticHTML: Sanitize your HTML in IE 8

addSizes.js: automatic link file-size generation

Get the Newsletter

Browser Plug-ins
Client-side Frameworks
Interaction Design/
Graphic Design/User Experience
JavaScript
Programming Techniques
Security
Server-side Frameworks

Advertisement -
Book yours here..

Our Editors recommend
Ajaxian
Bokardo
Bruce Eckel's Weblog
Daniweb
Java Posse
Joel on Software
Martin Fowler's Bliki
Mashable
Rick Hightower's Sleepless Night in Tucson
Service-Oriented Architecture
TechCrunch
techno.blog ("Dion")
Tinou's Work Blog
Tor Norbye's Weblog

Contributors (Last 90 days)
Gautam Chhabra (35)
This site has 635 entries and is powered by Creative Weblogging since September 2005.
Do you want to start or edit an existing blog for us and get paid? More info.
Do you want to advertise on this blog? We have great ideas!
Do you have tips for us? Send them!

Discover Java Entrepreneur on your cell phone! Simply type the URL of your favorite blog in your mobile browser.

Advertise with us
Learn more about our advertising options, visit our shop or give Sonja a call at +1 (650) 331 8047.
NEW you can also chat with us.

Security Cameras
Would you like to have a new interactive marketing channel for your company? Learn more about Sponsored Blogs with Creative Weblogging. See how we helped istockphoto.com and others.
Do you have a blog with more than 50k page views from the US? Let us market your blog.

Advertisement
Book yours here.

Testimonials
'Great looking blog. Good quality posts with useful information.'

Other blogs in the same channel in the Creative Weblogging Network

Advertisement -
Book yours here..

Disclaimer
Some of the contents of this site are protected Creative Weblogging Ltd. 2004-2008.

Advertisement - Book yours here..

Add your response to Redirect vulnerability reported in Sun Java System Web Server:
Name: *	Email: (will never be shown)*	URL:

(* marked fields are required)
Notify me if more comments appear?	Subscribe to Java Entrepreneur newsletter? (Newsletters are sent out weekly).	Remember me
Security Code: * (Please help us to sort out spam.)

Please enter your comment here: (Sorry, no HTML is allowed - URLs will be made clickable automatically if you add http:// to your URL.)


We welcome your comments, however all comments are moderated. Offensive or off-topic comments will be deleted and not displayed.

Tell a friend about Redirect vulnerability reported in Sun Java System Web Server
Recipient email:*	Your email:*

(* Both email addresses are required for sending this article. They will never be shown or used for any marketing purposes)
Please enter a message which will be shown together with the article:

Security Code: (Please help us to sort out spam.)

Redirect vulnerability reported in Sun Java System Web Server

Filed in archive Security by gautam on August 03, 2007

Related Entries:

Vote for Redirect vulnerability reported in Sun Java System Web Server:

Add your response to Redirect vulnerability reported in Sun Java System Web Server:

Tell a friend about Redirect vulnerability reported in Sun Java System Web Server

Check out our Sponsored Blogs!

latest news from

Our Editors recommend

Contributors (Last 90 days)

Categories

Archives

Advertise with us

Most popular

Testimonials

Recent Comments

Other blogs in the same channel in the Creative Weblogging Network

Technology

Disclaimer

Find more recent entries from our other publications:

P2P File Sharing

The VoIP Weblog

BlogWealth

Nanotechbuzz

The CIO Weblog

On Storage