Note: This is an archival copy of Security Sun Alert 201721 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001270.1.
Date of Resolved Release
An issue in ASN.1 parsing may be exploited by a local or remote unprivileged user to create a Denial-Of-Service condition in the Sun Java System Web Server and Sun Java System Application Server.
This issue is also described in CERT Vulnerability VU#104280 at http://www.kb.cert.org/vuls/id/104280, which is referenced in CERT Advisory CA-2003-26 at http://www.cert.org/advisories/CA-2003-26.html. Also see the NISCC Vulnerability Advisory 006489/TLS at http://www.uniras.gov.uk/vuls/2003/006489/tls.htm.
This issue can occur in the following releases on all platforms:
For supported architectures and OS versions see:
Sun Java System Web Server 4.1, Enterprise Edition, Service Pack 13 at http://wwws.sun.com/software/download/products/3f8472da.html
Sun Java System Web Server 6.0 Service Pack 6 at http://wwws.sun.com/software/download/products/3f186391.html
Sun Java System Web Server 6.1 at http://wwws.sun.com/software/download/products/3f4f998d.html
Sun Java System Application Server 7, Standard Edition Update 2 at http://wwws.sun.com/software/download/products/3f7df408.html
Sun Java System Application Server 7, Platform Edition Update 2 at http://wwws.sun.com/software/download/products/3fb01655.html
The Application Server or Web Server may restart unexpectedly.
There is no workaround. Please see the Resolution section.
This issue is addressed in the following releases:
Sun Java System Web Server releases are available at http://wwws.sun.com/software/download/inter_ecom.html#webs.
Sun Java System Application Server releases are available at http://wwws.sun.com/software/download/app_servers.html.
Sun Java System Application Server Standard Edition 7 2004Q2