Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading
Highly critical

Sun Java System Active Server Pages Multiple Vulnerabilities

-

Release Date:  2008-06-04    Views:  9,131

Secunia Advisory SA30523

Where:

From remote

Impact:

Security Bypass, Manipulation of data, Exposure of system information, Exposure of sensitive information, System access

Solution Status:

Vendor Patch

CVE Reference(s):

Description


Some vulnerabilities and a security issue have been reported in Sun Java System Active Server Pages, which can be exploited by malicious users to compromise a vulnerable system, and by malicious people to disclose sensitive information, manipulate certain data, bypass certain security restrictions, or to compromise a vulnerable system.

1) Input passed to an unspecified file included by various ASP applications is not properly verified before being used within a function to create files. This can be exploited to create or append to arbitrary files on the system.

2) A security issue is caused due to password and configuration data being stored within the application server root directory. This can be exploited to disclose sensitive information, e.g. configuration data or password hashes.

3) An input validation error exists within unspecified ASP applications, which can be exploited to disclose the content of arbitrary files or delete arbitrary files via specially crafted HTTP requests containing directory traversal sequences.

Successful exploitation of vulnerabilities #1 to #3 requires network access to the administration server (port 5100/TCP).

4) A boundary error exists in the handling of request within the ASP server, which can be exploited to cause a stack-based buffer overflow via a specially crafted request.

Successful exploitation allows execution of arbitrary code.

5) Various input to unspecified ASP applications is not properly sanitised before being used to execute shell commands. This can be exploited to inject and execute arbitrary shell commands via specially crafted HTTP requests containing shell meta-characters.

Successful exploitation requires authenticated access to the administration server (but see #6).

6) A design error can be exploited to bypass the authentication of the administration HTTP server by sending specially crafted requests to port 5102/TCP.

The vulnerabilities are reported in version 4.0.2. Other versions may also be affected.


Solution:
Update to version 4.0.3

Further details available to Secunia VIM customers

Provided and/or discovered by:
1-6) An anonymous person, reported via iDefense
5) Joshua J. Drake, iDefense Labs

Original Advisory:
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1

iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=705
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=706
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=707
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=708
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=709
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=710

Deep Links:
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Sun Java System Active Server Pages Multiple Vulnerabilities

No posts yet

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability