Note: This is an archival copy of Security Sun Alert 201713 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001264.1.
Date of Resolved Release
A vulnerability in the Sun Java System Application Server may be exploited by a local or remote unprivileged user through a SOAP request to make the server take longer to respond to clients, which is a type of Denial-of-Service (DoS).
Sun acknowledges, with thanks, Amit Klein from Sanctum Inc. (http://www.sanctuminc.com) for bringing this issue to our attention.
This issue can occur in the following releases:
Note: Releases prior to Sun Java System Application Server 7 are not affected.
For supported architectures and OS versions, see http://wwws.sun.com/software/download/products/3fb01667.html.
If the vulnerability is successfully exploited, the application server will take longer to respond and may report out-of-memory errors.
There is no workaround. Please see the "Resolution" section below.
This issue is addressed in the following releases:
Sun Java System Application Server upgrade is available for download at http://wwws.sun.com/software/download/app_servers.html.
Sun Java System Application Server Platform Edition 7 Update 3