Category
Security
Release Phase
Resolved
ProductSun Java System Communications Express 2005Q1
Sun Java System Communications Express 2004Q2
Bug Id
6318658
Date of Resolved Release01-NOV-2005
Impact
A security vulnerability in the Sun Java Communications Express software may allow a local or remote unprivileged user the ability to read the Communications Express application configuration files which contain sensitive information.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Sun Java Communications Express (for Solaris 8, 9 and 10) without patch 118540-21
x86 Platform
- Sun Java Communications Express (for Solaris 8, 9 and 10) without patch 118541-21
Linux Platform
- Sun Java Communications Express without patch 118542-21
To determine if the system is impacted by this issue, the following command can be run to see if the SUNWuwc package is installed:
$ pkginfo SUNWuwc
Symptoms
There are no predictable symptoms that would indicate the described vulnerability has been exploited.
Workaround
There is no workaround to this issue. Please see the Resolution section below.
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Sun Java Communications Express with patch 118540-21 or later
x86 Platform
- Sun Java Communications Express with patch 118541-21 or later
Linux Platform
- Sun Java Communications Express with patch 118542-21 or later
References
118540-21
118541-21
118542-21
AttachmentsThis solution has no attachment