Note: This is an archival copy of Security Sun Alert 201721 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001270.1.
Article ID : 1001270.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-01-24
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

ASN.1 Parsing Issue May Lead to Denial-of-Service Condition in Sun Java System Web Server and Sun Java System Application Server



Category
Security

Release Phase
Resolved

Bug Id
4945089

Date of Resolved Release
04-MAR-2004

Impact

An issue in ASN.1 parsing may be exploited by a local or remote unprivileged user to create a Denial-of-Service condition in the Sun Java System Web Server and Sun Java System Application Server.

This issue is also described in CERT Vulnerability VU#104280 at http://www.kb.cert.org/vuls/id/104280, which is referenced in CERT Advisory CA-2003-26 at http://www.cert.org/advisories/CA-2003-26.html. Also see the NISCC Vulnerability Advisory 006489/TLS at http://www.uniras.gov.uk/vuls/2003/006489/tls.htm.


Contributing Factors

This issue can occur in the following releases on all platforms:

  • Sun Java System Web Server 4.1, Enterprise Edition, Service Pack 13 and earlier
  • Sun Java System Web Server 6.0 Service Pack 6 and earlier
  • Sun Java System Web Server 6.1
  • Sun Java System Application Server 7, Standard Edition Update 2 and earlier
  • Sun Java System Application Server 7, Platform Edition Update 2 and earlier

Notes:

  • Releases prior to Sun Java System Application Server 7 are not affected.
  • Sun Java System Web Server was formerly called Sun ONE Web Server, which was formerly called iPlanet Web Server.
  • Sun Java System Application Server was formerly called Sun ONE Application Server.

For supported architectures and OS versions see:

Sun Java System Web Server 4.1, Enterprise Edition, Service Pack 13 at http://wwws.sun.com/software/download/products/3f8472da.html

Sun Java System Web Server 6.0 Service Pack 6 at http://wwws.sun.com/software/download/products/3f186391.html

Sun Java System Web Server 6.1 at http://wwws.sun.com/software/download/products/3f4f998d.html

Sun Java System Application Server 7, Standard Edition Update 2 at http://wwws.sun.com/software/download/products/3f7df408.html

Sun Java System Application Server 7, Platform Edition Update 2 at http://wwws.sun.com/software/download/products/3fb01655.html


Symptoms

The Application Server or Web Server may restart unexpectedly.


Workaround

There is no workaround. Please see the Resolution section.


Resolution

This issue is addressed in the following releases:

  • Sun Java System Web Server 4.1, Enterprise Edition, Service Pack 14 (final release)
  • Sun Java System Web Server 6.0 Service Pack 7 and later
  • Sun Java System Web Server 6.1 Service Pack 1 and later
  • Sun Java System Application Server 7, Update 2 Upgrade and later

Sun Java System Web Server releases are available at http://wwws.sun.com/software/download/inter_ecom.html#webs.

Sun Java System Application Server releases are available at http://wwws.sun.com/software/download/app_servers.html.



Modification History

Product
Sun Java System Application Server Standard Edition 7 2004Q2