Java Entrepreneur

Java Application Development & Entrepreneurship

Vulnerability reported in Sun Java System Web Server

Sun Java System Web Server.jpg

Vulnerability has been detected in the Sun Java System Web Server which can be exploited by malicious users for bypassing various security restrictions and hence gain access to certain web server. In case a secure web server instance is set up through the admin server as a non root instance and when it is configured to run as root then the vulnerability may enable user with a revoked client certificate to access the web server instance under some conditions in case a valid CRL file is installed.

The following releases can be affected:

SPARC Platform

• Sun Java System Web Server 6.1 without Service Pack 7
• Sun Java System Web Server 6.1 without patch 116648-19

x86 Platform

• Sun Java System Web Server 6.1 without Service Pack 7
• Sun Java System Web Server 6.1 without patch 116649-19

Linux Platform

• Sun Java System Web Server 6.1 without Service Pack 7
• Sun Java System Web Server 6.1 without patch 118202-11

AIX Platform

• Sun Java System Web Server 6.1 without Service Pack 7

HP-UX Platform

• Sun Java System Web Server 6.1 without Service Pack 7

No reliable symptoms have been identified. Service pack 7 for Sun Java System Web Server 6.1 or patches need to be applied for dealing with this security threat. Click here for the solution.

Info & Utils

Published in Friday, March 16th, 2007, at 3:39 am, and filed under Security.

Do it youself: Digg it!Save on del.icio.usMake a trackback.

Previous text: .

Next text: .

Leave a Reply

Java Entrepreneur © 2007. Theme Squared created by Rodrigo Ghedin.