Vulnerability reported in Sun Java System Web Server

A vulnerability has been reported in Sun Java System Web Server that malicious users can exploit to bypass security restrictions and gain access to a web server instance. If a secure web server instance is set up through the admin server as a non-root instance and is then configured to run as root, a user with a revoked client certificate may, under some conditions, be able to access that instance when a valid CRL (certificate revocation list) file is installed.
The following releases can be affected:

SPARC Platform
• Sun Java System Web Server 6.1 without Service Pack 7
• Sun Java System Web Server 6.1 without patch 116648-19

x86 Platform
• Sun Java System Web Server 6.1 without Service Pack 7
• Sun Java System Web Server 6.1 without patch 116649-19

Linux Platform
• Sun Java System Web Server 6.1 without Service Pack 7
• Sun Java System Web Server 6.1 without patch 118202-11

AIX Platform
• Sun Java System Web Server 6.1 without Service Pack 7

HP-UX Platform
• Sun Java System Web Server 6.1 without Service Pack 7

No reliable symptoms have been identified. To address this vulnerability, apply Service Pack 7 for Sun Java System Web Server 6.1 or the corresponding patches.