Vulnerability reported in Sun Java System Web Server

Filed in archive Security on March 16, 2007

Vulnerability has been detected in the Sun Java System Web Server which can be exploited by malicious users for bypassing various security restrictions and hence gain access to certain web server. In case a secure web server instance is set up through the admin server as a non root instance and when it is configured to run as root then the vulnerability may enable user with a revoked client certificate to access the web server instance under some conditions in case a valid CRL file is installed.

The following releases can be affected:

SPARC Platform

• Sun Java System Web Server 6.1 without Service Pack 7
• Sun Java System Web Server 6.1 without patch 116648-19

x86 Platform

• Sun Java System Web Server 6.1 without Service Pack 7
• Sun Java System Web Server 6.1 without patch 116649-19

Linux Platform

• Sun Java System Web Server 6.1 without Service Pack 7
• Sun Java System Web Server 6.1 without patch 118202-11

AIX Platform

• Sun Java System Web Server 6.1 without Service Pack 7

HP-UX Platform

• Sun Java System Web Server 6.1 without Service Pack 7

No reliable symptoms have been identified. Service pack 7 for Sun Java System Web Server 6.1 or patches need to be applied for dealing with this security threat. Click here for the solution.