Note: This is an archival copy of Security Sun Alert 201713 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001264.1.
Article ID : 1001264.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-01-24
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Sun Java System Application Server Denial-of-Service Vulnerability



Category
Security

Release Phase
Resolved

Bug Id
4980660

Date of Resolved Release
15-MAR-2004

Impact

A vulnerability in the Sun Java System Application Server may allow a local or remote unprivileged user to send a SOAP request that causes the server to take longer to respond to clients, resulting in a Denial-of-Service (DoS) condition.

Sun acknowledges, with thanks, Amit Klein from Sanctum Inc. (http://www.sanctuminc.com) for bringing this issue to our attention.


Contributing Factors

This issue can occur in the following releases:

  • Sun Java System Application Server 7 Update 2 and earlier

Note: Releases prior to Sun Java System Application Server 7 are not affected.

For supported architectures and OS versions, see http://wwws.sun.com/software/download/products/3fb01667.html.


Symptoms

If the vulnerability is successfully exploited, the application server takes longer to respond and may report out-of-memory errors.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following releases:

  • Sun Java System Application Server 7 Update 3 or later

The Sun Java System Application Server upgrade is available for download at http://wwws.sun.com/software/download/app_servers.html.



Modification History

Product
Sun Java System Application Server Platform Edition 7 Update 3