Note: This is an archival copy of Security Sun Alert 201671 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001244.1.
Date of Resolved Release
A security vulnerability in Sun Java System Web Server and Sun Java System Application Server may allow a local or remote unprivileged user to obtain the session information of another user in the web application.
This issue can occur in the following releases for all platforms:
Note: Sun Java System Web Server 6.0 and earlier are not affected by this issue.
There are no reliable symptoms that would indicate the described issue has been exploited.
There is no workaround. Please see the "Resolution" section below.
This issue is addressed in the following releases:
Sun Java System Web Server 6.1 Service Pack 3 is available for download at:
Sun Java System Application Server 7 Standard Edition Update 5 is available for download at:
Sun Java System Application Server 7 Platform Edition Update 5 is available for download at:
Sun Java System Application Server 7 2004Q2 Update 1 is available for download at:
Sun Java System Application Server Platform Edition 7 Update 7
This solution has no attachment