[SA13072] Sun Java System Web and Application Server Certificate Handling Denial of Service

From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Wed Nov 03 2004 - 07:37:01 CST



TITLE:
Sun Java System Web and Application Server Certificate Handling
Denial of Service

SECUNIA ADVISORY ID:
SA13072

VERIFY ADVISORY:
http://secunia.com/advisories/13072/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
Sun Java System Web Server (Sun ONE/iPlanet) 6.x
http://secunia.com/product/92/
Sun Java System Application Server (Sun ONE) 7.x
http://secunia.com/product/1534/

DESCRIPTION:
Some vulnerabilities have been reported in Sun Java System Web Server
and Sun Java System Application Server, which can be exploited by
malicious people to cause a DoS (Denial of Service).

The vulnerabilities are caused by errors in the handling of client
certificates and can be exploited to crash the application by
supplying a malformed client certificate.

The vulnerabilities affect the following versions:
* Sun Java System Web Server 6.0 Service Pack 7 and prior
* Sun Java System Web Server 6.1 Service Pack 1 and prior
* Sun Java System Application Server 7 Standard Edition Update 4 and
prior
* Sun Java System Application Server 7 Platform Edition Update 4 and
prior
* Sun Java System Application Server 7 2004Q2

SOLUTION:
The vulnerabilities have been fixed in the following versions:
* Sun Java System Web Server 6.0 Service Pack 8 or later
* Sun Java System Web Server 6.1 Service Pack 2 or later
* Sun Java System Application Server 7 Standard Edition Update 5 or
later
* Sun Java System Application Server 7 Platform Edition Update 5 or
later
* Sun Java System Application Server 7 2004Q2 Update 1 or later

Sun Java System Web Server 6.0 SP8:
http://wwws.sun.com/software/download/products/40968fe6.html

Sun Java System Web Server 6.1 SP3:
http://wwws.sun.com/software/download/products/415a094d.html

Sun Java System Application Server 7 Standard Edition Update 5:
http://wwws.sun.com/software/download/products/414b472d.html

Sun Java System Application Server 7 Platform Edition Update 5:
http://wwws.sun.com/software/download/products/4151fe59.html

Sun Java System Application Server 7 2004Q2 Update 1:
http://wwws.sun.com/software/download/products/4154c5a5.html

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57669-1
