|
Sun Java System Application Server JAR File Content Disclosure
|
|
|
|
|
Secunia Advisory:
|
SA16802
|
|
|
Release Date:
|
2005-09-14
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Exposure of sensitive information
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Sun Java System Application Server 8.x
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
A vulnerability has been reported in Sun Java System Application Server, which can be exploited by malicious people to disclose certain sensitive information.
The vulnerability is caused due to an unspecified error that allows the contents of a JAR file of a deployed web application to be exposed.
The vulnerability has been reported in the following versions:
* Platform Edition 8.1 2005Q1
* Platform Edition 8.1 2005Q1 (UR1) Update Release 1
* Enterprise Edition 8.1 2005Q1
Solution:
Apply patches.
NOTE: Web applications that were deployed prior to installing the patches will still be affected. Refer to vendor's original advisory for recommended workarounds.
-- SPARC Platform --
Platform Edition 8.1 2005Q1:
Update to Q2 UR2.
http://java.sun.com/j2ee/1.4/download.html
Enterprise Edition 8.1 2005Q1:
Apply (file based) patch 119169-01 or later, or (SVR4) patch 119166-06 or later.
-- x86 Platform --
Platform Edition 8.1 2005Q1:
Update to Q2 UR2.
http://java.sun.com/j2ee/1.4/download.html
Enterprise Edition 8.1 2005Q1:
Apply (file based) patch 119170-01 or later, or (SVR4) patch 119167-06 or later.
-- Linux Platform --
Platform Edition 8.1 2005Q1:
Update to Q2 UR2.
http://java.sun.com/j2ee/1.4/download.html
Enterprise Edition 8.1 2005Q1:
Apply (file based) patch 119171-01 or later, or RHEL2.1/RHEL3.0 (Pkg_patch) 119168-05 or later.
-- Windows Platform --
Platform Edition 8.1 2005Q1:
Update to Q2 UR2.
http://java.sun.com/j2ee/1.4/download.html
Provided and/or discovered by:
Reported by vendor.
Original Advisory:
http://sunsolve.sun.com/search/docume...setkey=1-26-101905-1&searchclause
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
9 Related Secunia Security Advisories
|
|
|
1. Sun Java System Application Server JSP Source Code Disclosure
|
|
2. Sun Java System Web / Application Server XSLT Processing Vulnerability
|
|
3. Sun Java System Products NSS SSLv2 Processing Buffer Overflows
|
|
4. Sun Java System Server Products HTTP Request Smuggling
|
|
5. Sun Java System Multiple Products RSA Signature Forgery
|
|
6. Sun Java System Application Server / Web Server File Disclosure
|
|
7. Sun Java System Application Server Cross-Site Scripting
|
|
8. Sun Java System Application Server Reverse SSL Proxy Plug-in Vulnerability
|
|
9. Sun Java System Application Server Path Disclosure Weakness
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
