Note: This is an archival copy of Security Sun Alert 201567 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001173.1.
Article ID : 1001173.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2006-04-13
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerabilities May Allow a Denial of Service in Sun Java System Web and Application Server Products



Category
Security

Release Phase
Resolved

Product
Sun Java System Application Server Standard Edition 7 2004Q2 Update 4
Sun Java System Web Server 6.1
Sun Java System Application Server Enterprise Edition 7 2004Q2
Sun Java System Application Server Enterprise Edition 7 2004Q2 Update 4
Sun ONE Web Server 6.0

Bug Id
5004563, 5004542, 5016209

Date of Resolved Release
02-NOV-2004

Impact

A remote unprivileged user may be able to crash a Sun Java System Web Server or a Sun Java System Application Server that is configured to use SSL. Crashing the server in this way is a type of Denial of Service (DoS).


Contributing Factors

These issues can occur in the following releases for all platforms:

  • Sun Java System Web Server 6.0 Service Pack 7 and earlier
  • Sun Java System Web Server 6.1 Service Pack 1 and earlier
  • Sun Java System Application Server 7 Standard Edition Update 4 and earlier
  • Sun Java System Application Server 7 Platform Edition Update 4 and earlier
  • Sun Java System Application Server 7 2004Q2

Symptoms

The server exits unexpectedly.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

These issues are addressed in the following releases:

  • Sun Java System Web Server 6.0 Service Pack 8 or later
  • Sun Java System Web Server 6.1 Service Pack 2 or later
  • Sun Java System Application Server 7 Standard Edition Update 5 or later
  • Sun Java System Application Server 7 Platform Edition Update 5 or later
  • Sun Java System Application Server 7 2004Q2 Update 1 or later

Sun Java System Web Server 6.0 SP 8 is available for download at http://wwws.sun.com/software/download/products/40968fe6.html.

Sun Java System Web Server 6.1 SP 3 is available for download at http://wwws.sun.com/software/download/products/415a094d.html.

Sun Java System Application Server 7 Standard Edition Update 5 is available for download at http://wwws.sun.com/software/download/products/414b472d.html.

Sun Java System Application Server Platform Edition 7 Update 5 is available for download at http://wwws.sun.com/software/download/products/4151fe59.html.

Sun Java System Application Server 7 2004Q2 Update 1 is available for download at http://wwws.sun.com/software/download/products/4154c5a5.html.



Modification History
Date: 22-DEC-2005

22-Dec-2005:

  • Update Impact section