Note: This is an archival copy of Security Sun Alert 201575 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001181.1.
Article ID : 1001181.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2005-09-07
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Denial of Service Vunerabilities in Sun Java Web Proxy Server

Category
Security

Release Phase
Resolved

Product
Sun Java System Web Proxy Server 3.6

Bug Id
6264430, 6254143, 6291212

Date of Resolved Release
08-SEP-2005

Impact

Three vulnerabilities may (separately) allow a remote unpriviledged user to cause various releases of the Sun Java Web Proxy Server to become unresponsive to requests, which is a Denial-of-Service (DoS) condition.


Contributing Factors

These issues can occur in the following releases on all platforms:

  • Sun Java System Web Proxy Server 3.6 Service Pack 7 and earlier

Note: For Service Pack 7 supported architectures and OS versions, please see http://docs.sun.com/app/docs/coll/S1_webproxysrvr36sp7_en.


Symptoms

If any or all of the described issues occur, the proxy server will be unable to respond to requests, and may also be accompanied by high CPU usage.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

These issues are addressed in the following release:

  • Sun Java System Web Proxy Server 3.6 Service Pack 8 and later

which is available for download at http://www.sun.com/download/products.xml?id=42fa5c49.












Attachments
This solution has no attachment