|
Sun Java System Application Server / Web Server File Disclosure
|
|
Secunia Advisory:
|
SA21251
|
|
|
Release Date:
|
2006-07-28
|
|
Last Update:
|
2006-08-03
|
|
Popularity:
|
10,175 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Exposure of system information
Exposure of sensitive information
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Sun Java System Application Server (Sun ONE) 7.x
Sun Java System Application Server 8.x
Sun Java System Web Server (Sun ONE/iPlanet) 6.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2006-3921
|
|
Description:
A vulnerability has been reported in Sun Java System Application Server (SJSAS) and Sun Java System Web Server (SJSWS), which can be exploited by malicious people to gain knowledge of sensitive information.
The vulnerability is caused due to an unspecified error and can be exploited to disclose arbitrary files on the system.
Solution:
Update to fixed versions.
-- SPARC Platform --
* Sun ONE Application Server 7 with Update 8 or later
* Sun Java System Application Server 7 2004 Q2 with Update 5 or later
* Sun Java System Application Server Enterprise Edition 8.1 2005 Q1 with (file-based) patch 119169-02 or (SVR4) patch 119166-09 or later
* Sun Java System Web Server 6.0 with Service Pack 10 or later
* Sun Java System Web Server 6.1 2005 Q1 with Service Pack 6 or later
* Sun Java System Web Server 6.1 2005 Q1 with patch 116648-18 or later
-- x86 Platform --
* Sun ONE Application Server 7 with Update 8 or later
* Sun Java System Application Server 7 2004 Q2 with Update 5 or later
* Sun Java System Application Server Enterprise Edition 8.1 2005 Q1 with (file-based) patch 119170-02 or (SVR4) patch 119167-09 or later
* Sun Java System Web Server 6.0 with Service Pack 10 or later
* Sun Java System Web Server 6.1 2005 Q1 with Service Pack 6 or later
* Sun Java System Web Server 6.1 2005 Q1 with patch 116649-18 or later
-- Linux Platform --
* Sun ONE Application Server 7 with Update 8 or later
* Sun Java System Application Server 7 2004 Q2 with Update 5 or later
* Sun Java System Application Server Enterprise Edition 8.1 2005 Q1 with (file-based) patch 119171-02 or (SVR4) patch 119168-09 or later
* Sun Java System Web Server 6.0 with Service Pack 10 or later
* Sun Java System Web Server 6.1 2005 Q1 with Service Pack 6 or later
* Sun Java System Web Server 6.1 2005 Q1 with patch 118202-10 or later
-- AIX Platform --
* Sun Java System Web Server 6.0 with Service Pack 10 or later
* Sun Java System Web Server 6.1 2005 Q1 with Service Pack 6 or later
-- HP-UX Platform --
* Sun Java System Application Server Enterprise Edition 8.1 2005 Q1 with (native) patch 121514-01 or later
* Sun Java System Web Server 6.0 with Service Pack 10 or later
* Sun Java System Web Server 6.1 2005 Q1 with Service Pack 6 or later
-- Windows Platform --
* Sun ONE Application Server 7 with Update 8 or later
* Sun Java System Application Server 7 2004 Q2 with Update 5 or later
* Sun Java System Application Server Enterprise Edition 8.1 2005 Q1 with (file based) patch 119172-07 or (native) patch 121528-01 or later
* Sun Java System Web Server 6.0 with Service Pack 10 or later
* Sun Java System Web Server 6.1 2005 Q1 with Service Pack 6 or later
Provided and/or discovered by:
Reported by the vendor.
Changelog:
2006-08-03: Added CVE reference.
Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102521-1
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
