Sun Web server hit with multiple security vulnerabilities

A security research firm has found multiple
flaws in Web server software from Sun Microsystems that would
collectively allow attackers to log on, gain root access, peruse
and delete files, and execute malicious commands.



All the vulnerabilities, investigated by
iDefense, appear in versions 4.0.2and earlier of Sun Java System Active Server Pages,
software that allows creation of Active Server Pages across
different operating systems and production environments.



Sun has issued an update to the software along
with workarounds for administrators who want to keep their original
configurations.



The six vulnerabilities are:



The individual who found the vulnerabilities
wishes to remain anonymous, according to iDefense. The security
company reported the vulnerabilities to Sun April 4, and the two
coordinated the public disclosure of the hole yesterday.



The vulnerabilities have been submitted for
inclusion to the CVElist of standardized names of security problems.



About the Author

Joab Jackson is the senior technology editor for Government Computer News.

Featured

  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected