Vulnerability Bulletins |
Acceso a ficheros arbitrarios en Sun Java System Application Server y Sun Java System Web Server |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Confidencialidad |
| Dificulty | Experto |
| Required attacker level | Acceso remoto con cuenta |
System information |
|
| Property | Value |
| Affected manufacturer | Comercial Software |
| Affected software |
Sun Java System Application Server Sun Java System Web Server |
Description |
|
|
Se ha descubierto una vulnerabilidad en Sun Java System Application Server (SJSAS) y Sun Java System Web Server (SJSWS). La vulnerabilidad reside en un error no especificado. Un atacante local podría leer ficheros fuera del directorio raíz de documentos del sistema en el que SJSAS o SJSWS se ejecuta. |
|
Solution |
|
|
Actualización de software Sun SPARC / Sun ONE Application Server 7 Update 8 SPARC / Sun Java System Application Server 7 2004 Q2 Update 5 SPARC / Sun Java System Application Server Enterprise Edition 8.1 2005 Q1 / (file-based) patch 119169-02 or (SVR4) patch 119166-09 SPARC / Sun Java System Web Server 6.0 Service Pack 10 SPARC / Sun Java System Web Server 6.1 2005 Q1 Service Pack 6 SPARC / Sun Java System Web Server 6.1 2005 Q1 / patch 116648-18 x86 / Sun ONE Application Server 7 Update 8 x86 / Sun Java System Application Server 7 2004 Q2 Update 5 x86 / Sun Java System Application Server Enterprise Edition 8.1 2005 Q1 / (file-based) patch 119170-02 or (SVR4) patch 119167-09 x86 / Sun Java System Web Server 6.0 Service Pack 10 x86 / Sun Java System Web Server 6.1 2005 Q1 Service Pack 6 x86 / Sun Java System Web Server 6.1 2005 Q1 patch 116649-18 Linux / Sun ONE Application Server 7 Update 8 Linux / Sun Java System Application Server 7 2004 Q2 Update 5 Linux / Sun Java System Application Server Enterprise Edition 8.1 2005 Q1 / (file-based) patch 119171-02 or (SVR4) patch 119168-09 Linux / Sun Java System Web Server 6.0 Service Pack 10 Linux / Sun Java System Web Server 6.1 2005 Q1 Service Pack 6 Linux / Sun Java System Web Server 6.1 2005 Q1 / patch 118202-10 AIX / Sun Java System Web Server 6.0 Service Pack 10 AIX / Sun Java System Web Server 6.1 2005 Q1 Service Pack 6 HP-UX / Sun Java System Application Server Enterprise Edition 8.1 2005 Q1 / (native) patch 121514-01 HP-UX / Sun Java System Web Server 6.0 Service Pack 10 HP-UX / Sun Java System Web Server 6.1 2005 Q1 Service Pack 6 HP-UX / Sun Java System Web Server 6.1 2005 Q1 / patch 121510-02 Windows / Sun ONE Application Server 7 Update 8 Windows / Sun Java System Application Server 7 2004 Q2 Update 5 Windows / Sun Java System Application Server Enterprise Edition 8.1 2005 Q1 / (file based) patch 119172-07 or (native) patch 121528-01 Windows / Sun Java System Web Server 6.0 Service Pack 10 Windows / Sun Java System Web Server 6.1 2005 Q1 Service Pack 6 Windows / Sun Java System Web Server 6.1 2005 Q1 / patch 121524-02 http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage |
|
Standar resources |
|
| Property | Value |
| CVE | |
| BID | |
Other resources |
|
|
Sun Alert Notification (102521) http://sunsolve.sun.com/search/document.do?assetkey=1-26-102521-1 |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2006-07-28 |
| 1.1 | Aviso actualizado por Sun (102521) | 2007-03-19 |