Note: This is an archival copy of Security Sun Alert 201721 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001270.1. |
Category Security Release Phase Resolved 4945089 Date of Resolved Release 04-MAR-2004 Impact An issue in ASN.1 parsing may be exploited by a local or remote unprivileged user to create a Denial-Of-Service condition in the Sun Java System Web Server and Sun Java System Application Server. This issue is also described in CERT Vulnerability VU#104280 at http://www.kb.cert.org/vuls/id/104280, which is referenced in CERT Advisory CA-2003-26 at http://www.cert.org/advisories/CA-2003-26.html. Also see the NISCC Vulnerability Advisory 006489/TLS at http://www.uniras.gov.uk/vuls/2003/006489/tls.htm. Contributing Factors This issue can occur in the following releases on all platforms:
Notes:
For supported architectures and OS versions see: Sun Java System Web Server 4.1, Enterprise Edition, Service Pack 13 at http://wwws.sun.com/software/download/products/3f8472da.html Sun Java System Web Server 6.0 Service Pack 6 at http://wwws.sun.com/software/download/products/3f186391.html Sun Java System Web Server 6.1 at http://wwws.sun.com/software/download/products/3f4f998d.html Sun Java System Application Server 7, Standard Edition Update 2 at http://wwws.sun.com/software/download/products/3f7df408.html Sun Java System Application Server 7, Platform Edition Update 2 at http://wwws.sun.com/software/download/products/3fb01655.html Symptoms The Application Server or Web Server may restart unexpectedly. Workaround There is no workaround. Please see the Resolution section. Resolution This issue is addressed in the following releases:
Sun Java System Web Server releases are available at http://wwws.sun.com/software/download/inter_ecom.html#webs. Sun Java System Application Server releases are available at http://wwws.sun.com/software/download/app_servers.html. Modification History Product Sun Java System Application Server Standard Edition 7 2004Q2 Attachments This solution has no attachment |
|