Sun Java System Web Server May Allow A User with Revoked Client Certificate to Access Server Instance Under Certain Conditions

Category: Security
Release Phase: Resolved
Product: Sun Java System Web Server 6.1
Bug Id: 6437635
Date of Resolved Release: 14-MAR-2007
Impact
A security vulnerability in the Sun Java System Web Server may allow a local or remote user to gain unauthorized access to certain web server instances. When a secure web server instance is set up as a non-root instance through the admin server, and that admin server is configured to run as root, this vulnerability may allow a user with a revoked client certificate to access the web server instance under certain conditions, even if a valid Certificate Revocation List (CRL) file is installed for the instance.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Sun Java System Web Server 6.1 without Service Pack 7
- Sun Java System Web Server 6.1 without patch 116648-19
x86 Platform
- Sun Java System Web Server 6.1 without Service Pack 7
- Sun Java System Web Server 6.1 without patch 116649-19
Linux Platform
- Sun Java System Web Server 6.1 without Service Pack 7
- Sun Java System Web Server 6.1 without patch 118202-11
AIX Platform
- Sun Java System Web Server 6.1 without Service Pack 7
HP-UX Platform
- Sun Java System Web Server 6.1 without Service Pack 7
Important Notes:
The following releases are not affected:
- Sun Java System Web Server 6.0
- Sun Java System Web Server 6.1 for Windows
- Sun Java System Web Server 7.0
This issue only affects hosts which meet the following two conditions:
1) contain a Certificate Revocation List (CRL) which matches certain criteria
2) contain server instances which run as a user that differs from the user that the admin server is configured to run as
If both of these conditions are met, a directory with the following name will exist on the host, with permissions that do not grant access to the affected instance's user. A command such as the following can be used to determine the permissions of the directory:
$ ls -l <WS-install>/alias/https-<instance>-cert8.dir
Please consult the product documentation for information on determining which user the active instances are running as.
To determine the version of Sun Java System Web Server on a system, the following command can be run:
$ <WS-install>/https-<host>/start -version
Symptoms
There are no reliable symptoms that would indicate the described issue has occurred.
Workaround
After importing a CRL through the Web Server Admin GUI on affected systems, the following directory will be created:
<WS-install>/alias/https-<instance>-cert8.dir
Manually change the permission/ownership of the cert8.dir directory and the files within it for this instance to allow the non-root instance owner to access them.
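The permission check described under Contributing Factors and the verification of the workaround above can be scripted. The following is an added example, not part of this Sun Alert or of the Web Server product: it parses `ls -l`-style output for the cert8.dir directory and the files within it and reports every entry the instance user cannot reach. The instance user name `webservd`, the listing lines and the file names inside cert8.dir are constructed sample data (the alert does not name the files); group membership is not evaluated, so an entry reachable only through its group bits is reported separately rather than treated as accessible.

```sh
#!/bin/sh
# Added example (not from the Sun Alert): decide whether a non-root instance
# user can reach the https-<instance>-cert8.dir directory and its files, given
# `ls -l` output lines. Sample data below is constructed.

# mode_grants MODE OFFSET
# MODE is the 10-character ls mode string; OFFSET is the 1-based position of the
# first bit of a triplet (2 = owner, 5 = group, 8 = other). A directory needs
# both r and x to be entered and listed; a regular file needs r only.
mode_grants() {
    m=$1; o=$2
    r=$(printf '%s' "$m" | cut -c"$o")
    x=$(printf '%s' "$m" | cut -c"$((o+2))")
    [ "$r" = r ] || return 1
    case $m in
        d*) case $x in x|s|t) return 0;; *) return 1;; esac ;;
        *)  return 0 ;;
    esac
}

# cert8_dir_access LS_LINE INSTANCE_USER
# Prints "ok" (user can access), "denied" (neither owner nor other bits grant
# access) or "group-only" (only the group bits would grant it; cannot be
# verified without knowing the user's groups). Returns 0 only for "ok".
cert8_dir_access() {
    line=$1; user=$2
    set -f                 # no globbing while splitting the ls line
    set -- $line           # $1 = mode, $3 = owner (ls -l column order)
    set +f
    mode=$1; owner=$3
    if [ "$owner" = "$user" ]; then
        if mode_grants "$mode" 2; then echo ok; return 0; fi
        echo denied; return 1
    fi
    if mode_grants "$mode" 8; then echo ok; return 0; fi
    if mode_grants "$mode" 5; then echo group-only; return 2; fi
    echo denied; return 1
}

# cert8_listing_denied LISTING INSTANCE_USER
# LISTING is the multi-line output of `ls -ld DIR DIR/*` for the cert8.dir
# directory. Prints the number of entries that are not verifiably accessible
# to INSTANCE_USER; 0 means the workaround (chown/chmod) has taken effect.
cert8_listing_denied() {
    listing=$1; user=$2; count=0
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        case $entry in total*) continue;; esac     # skip `ls -l` total line
        verdict=$(cert8_dir_access "$entry" "$user") || true
        [ "$verdict" = ok ] || count=$((count+1))
    done <<EOF
$listing
EOF
    echo "$count"
}

# Constructed listing as it might look right after a CRL import by a root
# admin server: everything owned by root with mode 0700/0600.
BEFORE_FIX='drwx------ 2 root root 4096 Mar 14 2007 https-www-cert8.dir
-rw------- 1 root root 65536 Mar 14 2007 https-www-cert8.dir/example-file-1
-rw------- 1 root root 16384 Mar 14 2007 https-www-cert8.dir/example-file-2'

# Constructed listing after applying the workaround (chown to the instance user).
AFTER_FIX='drwx------ 2 webservd webservd 4096 Mar 14 2007 https-www-cert8.dir
-rw------- 1 webservd webservd 65536 Mar 14 2007 https-www-cert8.dir/example-file-1
-rw------- 1 webservd webservd 16384 Mar 14 2007 https-www-cert8.dir/example-file-2'

echo "entries not accessible before fix: $(cert8_listing_denied "$BEFORE_FIX" webservd)"
echo "entries not accessible after fix:  $(cert8_listing_denied "$AFTER_FIX" webservd)"
```

On a live host, replace the constructed listings with the output of `ls -ld <WS-install>/alias/https-<instance>-cert8.dir <WS-install>/alias/https-<instance>-cert8.dir/*` and pass the user the instance actually runs as; a non-zero count after the workaround means the instance still cannot read its CRL store and revoked certificates may still be accepted.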
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Sun Java System Web Server 6.1 with Service Pack 7 or later
- Sun Java System Web Server 6.1 with patch 116648-19 or later
x86 Platform
- Sun Java System Web Server 6.1 with Service Pack 7 or later
- Sun Java System Web Server 6.1 with patch 116649-19 or later
Linux Platform
- Sun Java System Web Server 6.1 with Service Pack 7 or later
- Sun Java System Web Server 6.1 with patch 118202-11 or later
AIX Platform
- Sun Java System Web Server 6.1 with Service Pack 7 or later
HP-UX Platform
- Sun Java System Web Server 6.1 with Service Pack 7 or later
- Sun ONE Web Server 6.1, HP-UX patch 121510-03 or later
Sun Java System Web Server 6.1 Service Pack 7 is available at:
http://www.sun.com/download/products.xml?id=45c90ca9
Modification History
Date: 31-MAY-2007
- Updated Resolution section for HP-UX
Attachments
This solution has no attachment.