|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[sec-adv] SDK XSL Template Parsing Denial of Service
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Fri Sep 19 2003 - 09:54:40 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
SDK XSL Template Parsing Denial of Service
SECUNIA ADVISORY ID:
SA9784
VERIFY ADVISORY:
http://www.secunia.com/advisories/9784/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
Local system
SOFTWARE:
Sun Java SDK 1.4.x
Sun Java JRE 1.3.x
Sun Java JRE 1.4.x
Sun Java SDK 1.3.x
DESCRIPTION:
A vulnerability has been reported in SDK allowing malicious users to
cause a Denial of Service.
The problem is that some sun classes fail to handle certain
parameters properly. One vulnerable class is
"sun.misc.MessageUtils.toStdout", which can't handle null objects.
This could be exploited by malicious users, who are able to make a
SDK based application parse a XSL template, to cause a Denial of
Service on JVM.
The vulnerability has been reported to affect all current versions of
SDK.
SOLUTION:
Restrict access so that only trusted users can access applications,
which parse XSL templates.
REPORTED BY / CREDITS:
Marc Schoenefeld
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]