Note: This is an archival copy of Security Sun Alert 201671 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001244.1. |
Category Security Release Phase Resolved 5063854, 5065017 Date of Resolved Release 13-DEC-2004 Impact A Security Vulnerability in Sun Java System Web Server and Sun Java System Application Server may allow a local or remote unprivileged user the ability to obtain the session information of another user in the web application. Contributing Factors This issue can occur in the following releases for all platforms:
Note: Sun Java System Web Server 6.0 and earlier are not affected by this issue. Symptoms There are no reliable symptoms that would indicate the described issue has been exploited. Workaround There is no workaround. Please see the "Resolution" section below. Resolution This issue is addressed in the following releases:
Sun Java System Web Server 6.1 Service Pack 3 is available for download at: Sun Java System Application Server 7 Standard Edition Update 5 is available for download at: Sun Java System Application Server 7 Platform Edition Update 5 is available for download at: Sun Java System Application Server 7 2004Q2 Update 1 is available for download at: Modification History Date: 10-FEB-2005
Product Sun Java System Application Server Platform Edition 7 Update 7 Attachments This solution has no attachment |
|