Sun Web server hit with multiple security vulnerabilities

A security research firm has found multiple
flaws in Web server software from Sun Microsystems that would
collectively allow attackers to log on, gain root access, peruse
and delete files, and execute malicious commands.



All the vulnerabilities, investigated by
iDefense, appear in versions 4.0.2 and earlier of Sun Java System Active Server Pages,
software that allows creation of Active Server Pages across
different operating systems and production environments.



Sun has issued an update to the software along
with workarounds for administrators who want to keep their original
configurations.



The six vulnerabilities are:



The individual who found the vulnerabilities
wishes to remain anonymous, according to iDefense. The security
company reported the vulnerabilities to Sun April 4, and the two
coordinated the public disclosure of the hole yesterday.



The vulnerabilities have been submitted for
inclusion in the CVE list of standardized names of security problems.



About the Author

Joab Jackson is the senior technology editor for Government Computer News.
