A security vulnerability in the Sun Java System Web Server may allow a local or remote user to gain unauthorized access to data stored on the host running the Sun Java System Web Server under certain conditions.

This issue can occur in the following releases:

SPARC Platform

• Sun Java System Web Server 6.0 without Service Pack 11
• Sun Java System Web Server 6.1 without Service Pack 7
• Sun Java System Web Server 6.1 without patch 116648-19

x86 Platform

• Sun Java System Web Server 6.1 without Service Pack 7
• Sun Java System Web Server 6.1 without patch 116649-19

Linux Platform

• Sun Java System Web Server 6.0 without Service Pack 11
• Sun Java System Web Server 6.1 without Service Pack 7
• Sun Java System Web Server 6.1 without patch 118202-11

AIX Platform

• Sun Java System Web Server 6.0 without Service Pack 11
• Sun Java System Web Server 6.1 without Service Pack 7

HP-UX Platform

• Sun Java System Web Server 6.0 without Service Pack 11
• Sun Java System Web Server 6.1 without Service Pack 7
• Sun Java System Web Server 6.1 without patch 121510-03

Windows Platform

• Sun Java System Web Server 6.0 without Service Pack 11
• Sun Java System Web Server 6.1 without Service Pack 7
• Sun Java System Web Server 6.1 without patch 121524-03

Note: Sun Java System Web Server 7.0 is not affected by this issue.

To determine the version of Sun Java System Web Server on a system, the following command can be run:

    $ <WS-install>/https-<host>/start -version

There are no reliable symptoms that would indicate the described issue has occurred.

There is no workaround.  Please see Resolution section below.

This issue is addressed in the following releases:

SPARC Platform

• Sun Java System Web Server 6.0 with Service Pack 11 or later
• Sun Java System Web Server 6.1 with Service Pack 7 or later
• Sun Java System Web Server 6.1 with patch 116648-19 or later

x86 Platform

• Sun Java System Web Server 6.1 with Service Pack 7 or later
• Sun Java System Web Server 6.1 with patch 116649-19 or later

Linux Platform

• Sun Java System Web Server 6.0 with Service Pack 11 or later
• Sun Java System Web Server 6.1 with Service Pack 7 or later
• Sun Java System Web Server 6.1 with patch 118202-11 or later

AIX Platform

• Sun Java System Web Server 6.0 with Service Pack 11 or later
• Sun Java System Web Server 6.1 with Service Pack 7 or later

HP-UX Platform

• Sun Java System Web Server 6.0 with Service Pack 11 or later
• Sun Java System Web Server 6.1 with Service Pack 7 or later
• Sun Java System Web Server 6.1 with patch 121510-03 or later

Windows Platform

• Sun Java System Web Server 6.0 with Service Pack 11 or later
• Sun Java System Web Server 6.1 with Service Pack 7 or later
• Sun Java System Web Server 6.1 with patch 121524-03 or later

Sun Java System Web Server 6.0 Service Pack 11 is available at:

• http://www.sun.com/download/products.xml?id=459db7b2

Sun Java System Web Server 6.1 Service Pack 7 is available at:

• http://www.sun.com/download/products.xml?id=45c90ca9

This solution has no attachment