Note: This is an archival copy of Security Sun Alert 265329 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020815.1.
Sun Java System Access Manager Policy Agents 2.2
Date of Resolved Release
Security Vulnerabilities in Sun Java System Access Manager Policy Agent 2.2 (Web Agents) May Cause Denial of Service (DoS)
Security vulnerabilities in Sun Java System Access Manager Policy Agent 2.2 (Web Agents) may allow a local or remote user to cause a Denial of Service (DoS) to the Policy Agent in the form of a program crash or an infinite loop, or possibly to execute arbitrary code by sending crafted XML documents.
These issues are related to the vulnerabilities which are described in the following documents:
CVE-2008-3529 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529
CVE-2008-4225 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225
CVE-2008-4226 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226
2. Contributing Factors
These issues can occur in the following releases for all supported platforms:
There are no predictable symptoms that would indicate the described issues have been exploited.
There is no workaround for these issues. Please see the Resolution section below.
These issues are addressed in the following releases for all supported platforms:
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This solution has no attachment