JSP Source Code Exposure Issue on Windows Platform Affects Sun Java System Application Server


Category :Security
Release Phase :Resolved
Product :Sun Java System Application Server Platform Edition 8.1 2005Q1
Sun Java System Application Server Enterprise Edition 8.2
Sun Java System Application Server Enterprise Edition 8.1 2005Q1
SJS Application Server PE 8.2  
Bug Id :6569427  
Date of Workaround Release :24-JUL-2007 
Date of Resolved Release :26-OCT-2007 


Impact

A security vulnerability in various releases of Sun Java System Application Server may allow source code exposure of JSPs on the Windows platform. This would allow unauthorized remote users the ability to view critical source code.


Contributing Factors

This issue can occur in the following releases:

Windows Platform

  • Sun Java System Application Server Enterprise Edition 8.1 without file-based patch 119172-18 or package-based patch 122848-11
  • Sun Java System Application Server Platform Edition 8.1 without file-based patch 119176-18
  • Sun Java System Application Server Enterprise Edition 8.2 without file-based patch 124678-02 or package-based patch 124684-03
  • Sun Java System Application Server Platform Edition 8.2 without file-based patch 124682-02
  • Sun Java System Application Server Platform Edition 9.0 without file-based patch 124612-05 

Note 1: This issue only affects the listed products on the Windows platform.

Note 2: There are Sun Java System Application Server patches for non-Windows platforms which reference this bugID, 6569427, since the code changes were applied to all platforms even though only the Windows platform is affected.


Symptoms

There are no reliable symptoms that would indicate the described issues have been exploited, other than the source code of the JSPs being exposed.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following releases:

Windows Platform

  • Sun Java System Application Server Enterprise Edition 8.1 with file-based patch 119172-18 or package-based patch 122848-11 or later
  • Sun Java System Application Server Platform Edition 8.1 with file-based patch 119176-18 or later
  • Sun Java System Application Server Enterprise Edition 8.2 with file-based patch 124678-02 or package-based patch 124684-03 or later
  • Sun Java System Application Server Platform Edition 8.2 with file-based patch 124682-02 or later
  • Sun Java System Application Server Platform Edition 9.0 with file-based patch 124612-05 or later



Modification History


Date: 26-OCT-2007
  • State: Resolved
  • Updated Contributing Factors and Resolution sections



Attachments
This solution has no attachment
 
Sun support customers:
more support information is available after you sign in.
 
»   Login
»   Register
»   Lost UserName/Password
 
Login Required

You must login and have a valid contract to access Sun's Premium content which includes:

  • Sun Alerts
  • Bugs
  • Patches
  • Solutions
  • White Papers
  • Documentation
  • Support Knowledge

Login Required

You must login and have a valid contract to access Sun's contracted features

Access Legend:

(Login to access)   Sun Contracted Content
(Login to access)   Sun Contracted Feature

Please make use of SunSolve Feedback application by selecting the floating [+] to provide feedback about this specific document.

Search
Article Details
Article ID : 201537
Article Type : Sun Alert
Last reviewed : 2007-10-26
Audience : PUBLIC
Keywords :
Provide feedback  (help)
Page Tools
»  Print This Page
»  Email This Article
»  Bookmark This Article
Security Support
»   Security Center
»   Report Security Vulnerabilities
»   Security PGP Key
»   Sun Alert Notifications - RSS Feeds
»   Sun Alert Notifications - eNewsletter
»   Solaris Fingerprint Database
 
SunSolve Navigation
»   Forums for contracted customers
»   Licenses
»   Log a Service Request
»   Patches and Updates
»   Product Download Center
»   SunSystem Handbook
»   SunSolve Japan
SunSolve Feedback, Help and Updates
»   Blog
»   Community
»   Feedback
»   Help
»   Learn about SunSolve
»   Twitter
Contact About Sun News & Events Employment Site Map Privacy Terms of Use Trademarks Copyright Sun Microsystems, Inc. | SunSolve Version 7.4.0 #1