Sun Web server hit with multiple security vulnerabilities
- By Joab Jackson
- Jun 04, 2008
A security research firm has found multiple
flaws in Web server software from Sun Microsystems that would
collectively allow attackers to log on, gain root access, peruse
and delete files, and execute malicious commands.
All the vulnerabilities, investigated by
iDefense, appear in versions 4.0.2and earlier of Sun Java System Active Server Pages,
software that allows creation of Active Server Pages across
different operating systems and production environments.
Sun has issued an update to the software along
with workarounds for administrators who want to keep their original
The six vulnerabilities are:
The individual who found the vulnerabilities
wishes to remain anonymous, according to iDefense. The security
company reported the vulnerabilities to Sun April 4, and the two
coordinated the public disclosure of the hole yesterday.
The vulnerabilities have been submitted for
inclusion to the CVElist of standardized names of security problems.
Joab Jackson is the senior technology editor for Government Computer News.