Security Vulnerability in Sun Java System Web Server May Allow Unauthorized Access to Host Data With Certain URLs |
|
| Category : | Security |
| Release Phase : | Resolved |
| Product : | Sun Java System Web Server 6.0 Service Pack 10
Sun Java System Web Server 6.1
Sun Java System Web Server 6.0 Service Pack 8
|
| Bug Id : | 6429293
|
| Date of Resolved Release : | 15-MAR-2007
|
A security vulnerability in the Sun Java System Web Server may allow a local or remote user to gain unauthorized access to data stored on the host running the Sun Java System Web Server under certain conditions.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Sun Java System Web Server 6.0 without Service Pack 11
- Sun Java System Web Server 6.1 without Service Pack 7
- Sun Java System Web Server 6.1 without patch 116648-19
x86 Platform
- Sun Java System Web Server 6.1 without Service Pack 7
- Sun Java System Web Server 6.1 without patch 116649-19
Linux Platform
- Sun Java System Web Server 6.0 without Service Pack 11
- Sun Java System Web Server 6.1 without Service Pack 7
- Sun Java System Web Server 6.1 without patch 118202-11
AIX Platform
- Sun Java System Web Server 6.0 without Service Pack 11
- Sun Java System Web Server 6.1 without Service Pack 7
HP-UX Platform
- Sun Java System Web Server 6.0 without Service Pack 11
- Sun Java System Web Server 6.1 without Service Pack 7
- Sun Java System Web Server 6.1 without patch 121510-03
Windows Platform
- Sun Java System Web Server 6.0 without Service Pack 11
- Sun Java System Web Server 6.1 without Service Pack 7
- Sun Java System Web Server 6.1 without patch 121524-03
Note: Sun Java System Web Server 7.0 is not affected by this issue.
To determine the version of Sun Java System Web Server on a system, the following command can be run:
$ <WS-install>/https-<host>/start -version
Symptoms
There are no reliable symptoms that would indicate the described issue has occurred.
Workaround
There is no workaround. Please see Resolution section below.
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Sun Java System Web Server 6.0 with Service Pack 11 or later
- Sun Java System Web Server 6.1 with Service Pack 7 or later
- Sun Java System Web Server 6.1 with patch 116648-19 or later
x86 Platform
- Sun Java System Web Server 6.1 with Service Pack 7 or later
- Sun Java System Web Server 6.1 with patch 116649-19 or later
Linux Platform
- Sun Java System Web Server 6.0 with Service Pack 11 or later
- Sun Java System Web Server 6.1 with Service Pack 7 or later
- Sun Java System Web Server 6.1 with patch 118202-11 or later
AIX Platform
- Sun Java System Web Server 6.0 with Service Pack 11 or later
- Sun Java System Web Server 6.1 with Service Pack 7 or later
HP-UX Platform
- Sun Java System Web Server 6.0 with Service Pack 11 or later
- Sun Java System Web Server 6.1 with Service Pack 7 or later
- Sun Java System Web Server 6.1 with patch 121510-03 or later
Windows Platform
- Sun Java System Web Server 6.0 with Service Pack 11 or later
- Sun Java System Web Server 6.1 with Service Pack 7 or later
- Sun Java System Web Server 6.1 with patch 121524-03 or later
Sun Java System Web Server 6.0 Service Pack 11 is available at:
Sun Java System Web Server 6.1 Service Pack 7 is available at:
AttachmentsThis solution has no attachment
|
Subscribe |
Careers |
Contact Us |
Site Maps |
Legal Notices |
Terms of Use |
Your Privacy Rights |
Sun Contracted Content
Sun Contracted Feature
