Sun Web server hit with multiple security vulnerabilities

A security research firm has found multiple
flaws in Web server software from Sun Microsystems that would
collectively allow attackers to log on, gain root access, peruse
and delete files, and execute malicious commands.

All the vulnerabilities, investigated by
iDefense, appear in versions 4.0.2 and earlier of Sun Java System Active Server Pages,
software that allows creation of Active Server Pages across
different operating systems and production environments.

Sun has issued an update to the software along
with workarounds for administrators who want to keep their original

The six vulnerabilities are:

The individual who found the vulnerabilities
wishes to remain anonymous, according to iDefense. The security
company reported the vulnerabilities to Sun April 4, and the two
coordinated the public disclosure of the hole yesterday.

The vulnerabilities have been submitted for
inclusion to the CVE list of standardized names of security problems.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.

