Note: This is an archival copy of Security Sun Alert 201090 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000811.1.
Article ID : 1000811.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2006-09-10
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in the Sun Java System Content Delivery Server May Allow Unauthorized Data Access



Category
Security

Release Phase
Resolved

Product
Sun Java System Content Delivery Server 5.0
Sun Java System Content Delivery Server 2004Q1

Bug Id
6462140

Date of Resolved Release
24-AUG-2006

Impact

A security vulnerability in the Sun Java System Content Delivery Server may allow a local or remote unprivileged user to read data from any file on the system.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Sun Java System Content Delivery Server 4.0 and 4.1 (for Solaris 9) without patch 4.0_2004Q1_IR9_P1
  • Sun Java System Content Delivery Server 5.0 (for Solaris 9 and 10) without patch 5.0_2005Q4_IR2_P1

x86 Platform

  • Sun Java System Content Delivery Server 4.0 and 4.1 (for Solaris 9) without patch 4.0_2004Q1_IR9_P1
  • Sun Java System Content Delivery Server 5.0 (for Solaris 9 and 10) without patch 5.0_2005Q4_IR2_P1

Hewlett-Packard HP-UX 11i

  • Sun Java System Content Delivery Server 4.0 and 4.1 without patch 4.0_2004Q1_HP_P1

Symptoms

There are no symptoms that would indicate the described issue has occurred.


Workaround

Please see the Resolution section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Sun Java System Content Delivery Server 4.0 and 4.1 (for Solaris 9) with patch 4.0_2004Q1_IR9_P1
  • Sun Java System Content Delivery Server 5.0 (for Solaris 9 and 10) with patch 5.0_2005Q4_IR2_P1

x86 Platform

  • Sun Java System Content Delivery Server 4.0 and 4.1 (for Solaris 9) with patch 4.0_2004Q1_IR9_P1
  • Sun Java System Content Delivery Server 5.0 (for Solaris 9 and 10) with patch 5.0_2005Q4_IR2_P1

Hewlett-Packard HP-UX 11i

  • Sun Java System Content Delivery Server 4.0 and 4.1 with patch 4.0_2004Q1_HP_P1

Note: Please contact your Sun Representative for this product to acquire the appropriate patch.
























































Attachments
This solution has no attachment