Note: This is an archival copy of Security Sun Alert 201648 as previously published on
Latest version of this security advisory is available from as Sun Alert 1001227.1.
Article ID : 1001227.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-01-19
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Buffer Overflow Vulnerabilities in Sun Java System Web Proxy Server 3.6


Release Phase

Bug Id

Date of Resolved Release


A buffer overflow vulnerability in the Sun Java System Web Proxy Server (formerly Sun ONE Proxy Server) may allow a remote unprivileged user to execute arbitrary code on the system running the Web Proxy Server with the privileges of the server process.

Note: The default UID for the Web Proxy Server is "nobody"; however, the administrator may have chosen a different UID during installation or configuration.

Contributing Factors

This issue can occur in the following releases for all platforms:

  • Sun Java System Web Proxy Server 3.6 Service Pack 6 and earlier

Note: For supported architectures and OS versions see


The Web Proxy Server may crash if the described buffer overflow vulnerabilities have been exploited.


There is no workaround. Please see the "Resolution" section below.


This issue is addressed in the following release:

  • Sun Java System Web Proxy Server 3.6 Service Pack 7 and later

which can be downloaded at under the "Web and Proxy Servers" selection.

Modification History

Sun Java System Web Proxy Server 3.6
