A remote unprivileged user may be able to crash a Sun Java System Web Server or a Sun Java System Application Server which is configured to use SSL. Being able to crash an application is a type of Denial of Service (DoS).

These issues can occur in the following releases for all platforms:

• Sun Java System Web Server 6.0 Service Pack 7 and earlier
• Sun Java System Web Server 6.1 Service Pack 1 and earlier
• Sun Java System Application Server 7 Standard Edition Update 4 and earlier
• Sun Java System Application Server 7 Platform Edition Update 4 and earlier
• Sun Java System Application Server 7 2004Q2

The server exits unexpectedly.

There is no workaround. Please see the "Resolution" section below.

These issues are addressed in the following releases:

• Sun Java System Web Server 6.0 Service Pack 8 or later
• Sun Java System Web Server 6.1 Service Pack 2 or later
• Sun Java System Application Server 7 Standard Edition Update 5 or later
• Sun Java System Application Server 7 Platform Edition Update 5 or later
• Sun Java System Application Server 7 2004Q2 Update 1 or later

Sun Java System Web Server 6.0 SP 8 is available for download at http://wwws.sun.com/software/download/products/40968fe6.html.

Sun Java System Web Server 6.1 SP 3 is available for download at http://wwws.sun.com/software/download/products/415a094d.html.

Sun Java System Application Server 7 Standard Edition Update 5 is available for download at http://wwws.sun.com/software/download/products/414b472d.html.

Sun Java System Application Server Platform Edition 7 Update 5 is available for download at http://wwws.sun.com/software/download/products/4151fe59.html.

Sun Java System Application Server 7 2004Q2 Update 1 is available for download at http://wwws.sun.com/software/download/products/4154c5a5.html.

22-Dec-2005:

• Update Impact section

This solution has no attachment