Note: This is an archival copy of Security Sun Alert 200069 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000053.1.
Category: Security
Release Phase: Resolved
Product: Sun Java System Web Server 7.0, Sun Java System Web Server 6.1
Bug Id: 6519839
Date of Resolved Release: 02-AUG-2007

Impact
A vulnerability in Sun Java System Web Server may allow improper HTTP header injection, HTTP response splitting attacks and unauthorized access to resources.

Contributing Factors
This issue can occur in Sun Java System Web Server 6.1 and 7.0 on the following platforms:
SPARC Platform
x86 Platform
Linux
Windows
HP-UX
AIX
Note: Other versions of the above listed applications are not affected by this issue.

To determine the version of Sun Java System Web Server 6.1 on a system, run:
$ <WS-install>/https-<host>/start -version
(where <WS-install> is the installation directory of the Web Server and <host> is the actual host name on which the Web Server is installed).

To determine the version of Sun Java System Web Server 7.0 on a system, run:
$ <WS-install>/bin/wadm --version
(where <WS-install> is the installation directory of the Web Server).

This issue can occur when a 'redirect' Server Application Function (SAF) in the 'obj.conf' file uses the 'url-prefix' parameter with the 'escape' parameter set to 'no', or when an 'Error' directive uses the 'url-prefix' parameter. Because 'url-prefix' carries the remainder of the requested URL (everything after the 'from' prefix) into the redirect target, leaving that remainder unescaped lets request-controlled characters reach the response headers.

Symptoms
There are no predictable symptoms that would indicate the described issue has been exploited.

Workaround
To avoid this issue until an upgrade can be applied, edit the 'obj.conf' file in the Web Server instance's 'config' directory to ensure the following:
Safe examples:
NameTrans fn="redirect" from="/oldurl" url="/newurl" escape="no"
NameTrans fn="redirect" from="/oldprefix" url-prefix="/newprefix"
Error fn="redirect" from="/oldurl" url="/newurl"

Unsafe examples:
NameTrans fn="redirect" from="/oldprefix" url-prefix="/newprefix" escape="no"
Error fn="redirect" from="/oldprefix" url-prefix="/newprefix"
Error fn="redirect" from="/oldprefix" url-prefix="/newprefix" escape="yes"

(By default, the 'escape' parameter is set to "yes". If the 'obj.conf' file is modified, the Web Server instance must be restarted for the change to take effect.)

Resolution
This issue is addressed in the following releases:
SPARC Platform
x86 Platform
Linux
Windows
HP-UX
AIX
Sun Java System Web Server 6.1 Service Pack 8 is available at http://www.sun.com/download/products.xml?id=4694392a
Sun Java System Web Server 7.0 Update 1 is available at http://www.sun.com/download/products.xml?id=467713d6

References
125437-07
125438-07
125439-07
125440-01
125441-06

Attachments
This solution has no attachment
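The following is an added example, not code from Sun or from the advisory, that illustrates two things: why the 'url-prefix' plus 'escape="no"' combination described under Contributing Factors lets a request path split the redirect response, and how to audit an 'obj.conf' for the unsafe patterns listed under Workaround. The redirect model is an assumption about the SAF's behaviour (the part of the already URL-decoded request path after 'from' is appended to 'url-prefix', and 'escape' decides whether that remainder is re-escaped); the sample obj.conf fragment and the attack path are constructed here. The real server's code is not reproduced.

```python
"""Illustrative model of the redirect SAF's url-prefix/escape behaviour and an
obj.conf audit for the unsafe combinations the advisory names.
Added example code; not Sun's implementation."""
import shlex
import urllib.parse

# Constructed obj.conf fragment built from the advisory's safe and unsafe examples.
SAMPLE_OBJ_CONF = """\
# constructed obj.conf fragment
<Object name="default">
NameTrans fn="redirect" from="/oldurl" url="/newurl" escape="no"
NameTrans fn="redirect" from="/oldprefix" url-prefix="/newprefix"
Error fn="redirect" from="/oldurl" url="/newurl"
NameTrans fn="redirect" from="/oldprefix" url-prefix="/newprefix" escape="no"
Error fn="redirect" from="/oldprefix" url-prefix="/newprefix"
Error fn="redirect" from="/oldprefix" url-prefix="/newprefix" escape="yes"
</Object>
"""

# Constructed attacker request path as the SAF would see it after URL decoding
# (on the wire the CR/LF bytes would arrive as %0d%0a). It injects a header and
# a complete second HTTP response behind the redirect.
ATTACK_PATH = ("/oldprefix/x\r\nSet-Cookie: session=attacker\r\n\r\n"
               "HTTP/1.1 200 OK\r\nContent-Length: 21\r\n\r\n<html>injected</html>")


def redirect_location(decoded_path: str, from_prefix: str, url_prefix: str,
                      escape: bool = True) -> str:
    """Assumed model of 'redirect' with url-prefix: the remainder of the decoded
    request path after from_prefix is appended to url_prefix. escape="yes" (the
    default) re-escapes the remainder; escape="no" copies it verbatim."""
    if not decoded_path.startswith(from_prefix):
        raise ValueError("path does not match the 'from' prefix")
    remainder = decoded_path[len(from_prefix):]
    if escape:
        # CR, LF, spaces and ':' become %0D, %0A, %20, %3A; '/' is kept as a path separator.
        remainder = urllib.parse.quote(remainder, safe="/")
    return url_prefix + remainder


def build_redirect_response(location: str) -> bytes:
    """Minimal 302 response; the request-derived value lands in the Location header."""
    return (f"HTTP/1.1 302 Moved Temporarily\r\n"
            f"Location: {location}\r\n"
            f"Content-Length: 0\r\n\r\n").encode("latin-1")


def header_names(raw: bytes) -> list:
    """Header names a client or proxy sees in the first response of the stream."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")[1:]  # drop the status line
    return [line.split(b":", 1)[0].decode() for line in lines if b":" in line]


def response_count(raw: bytes) -> int:
    """Number of HTTP status lines in the byte stream (more than one = response splitting)."""
    return raw.count(b"HTTP/1.1 ")


def parse_directive(line: str):
    """Split an obj.conf directive into (directive, {param: value}); None for comments/tags."""
    line = line.strip()
    if not line or line.startswith("#") or line.startswith("<"):
        return None
    parts = shlex.split(line)  # shlex strips the double quotes around values
    params = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        params[key] = value
    return parts[0], params


def unsafe_redirects(obj_conf: str) -> list:
    """Lines matching the advisory's unsafe patterns: fn="redirect" with url-prefix and
    escape="no", or any Error directive with url-prefix (whatever its escape setting)."""
    findings = []
    for line in obj_conf.splitlines():
        parsed = parse_directive(line)
        if parsed is None:
            continue
        directive, params = parsed
        if params.get("fn") != "redirect" or "url-prefix" not in params:
            continue
        escape = params.get("escape", "yes").lower()  # advisory: default is "yes"
        if directive == "Error" or escape == "no":
            findings.append(line.strip())
    return findings


if __name__ == "__main__":
    for escape in (False, True):
        loc = redirect_location(ATTACK_PATH, "/oldprefix", "/newprefix", escape=escape)
        raw = build_redirect_response(loc)
        print(f"escape={escape!s:5} headers={header_names(raw)} responses={response_count(raw)}")
    print("unsafe obj.conf lines:", *unsafe_redirects(SAMPLE_OBJ_CONF), sep="\n  ")
```

With escape="no" the injected CR/LF terminates the Location header, adds a Set-Cookie header and starts a second, attacker-authored response that a client or caching proxy may attribute to the server; with the default escape="yes" the same remainder is emitted as a single percent-encoded Location value. The audit function applies exactly the three unsafe shapes from the Workaround section and treats a missing 'escape' parameter as "yes", matching the advisory's stated default.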