Note: This is an archival copy of Security Sun Alert 231526 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1018987.1.
Solaris 10 Operating System
Sun Java Web Console 3.0.2
Sun Java Web Console 3.0.3
Sun Java Web Console 3.0.4
Date of Resolved Release
Security Vulnerability in Sun Java Web Console 3.0.2, 3.0.3, 3.0.4
1. ImpactA security vulnerability in the Sun Java Web Console may allow a local or remote unprivileged user to determine the existence of files or directories in access restricted directories. The ability to gather information on access restricted files or directories indicates a loss of confidentiality.
2. Contributing FactorsThis issue can occur in the following releases:
$ /usr/sbin/smcwebserver -V
If Sun Java Web Console 3.0.2 is installed on the system, the revision number may be checked using the following command:
$ pkginfo -l SUNWmctag | grep VERSION
3. SymptomsThere are no predictable symptoms that indicate the described issue has been exploited.
4. WorkaroundThere is no workaround for this issue. Please see the Resolution section below.
5. ResolutionThis issue is addressed in the following releases:
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
09-May-2008: Updated Contributing Factors section
10-Jun-2008: Updated Contributing Factors section for clarification
This solution has no attachment