Sun Web server hit with multiple security vulnerabilities

A security research firm has found multiple
flaws in Web server software from Sun Microsystems that would
collectively allow attackers to log on, gain root access, peruse
and delete files, and execute malicious commands.



All the vulnerabilities, investigated by
iDefense, appear in versions 4.0.2and earlier of Sun Java System Active Server Pages,
software that allows creation of Active Server Pages across
different operating systems and production environments.



Sun has issued an update to the software along
with workarounds for administrators who want to keep their original
configurations.



The six vulnerabilities are:



The individual who found the vulnerabilities
wishes to remain anonymous, according to iDefense. The security
company reported the vulnerabilities to Sun April 4, and the two
coordinated the public disclosure of the hole yesterday.



The vulnerabilities have been submitted for
inclusion to the CVElist of standardized names of security problems.



About the Author

Joab Jackson is the senior technology editor for Government Computer News.

inside gcn

  • firefighters

    National system to help firefighters quickly locate nearby resources

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group