Vulnerability Bulletins |
Java method execution in Sun Java System Application Server |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Gain access |
Difficulty | Expert |
Required attacker level | Remote access without an account to a standard service |
System information |
|
Property | Value |
Affected manufacturer | Networking |
Affected software |
Sun Java System Application Server Standard Edition 8.2
Sun Java System Application Server Enterprise Edition 8.2
Sun Java System Application Server PE 9
Sun Java System Web Server 7.0 |
Description |
|
A vulnerability has been found in Sun Java System Application Server and Sun Java System Web Server. The vulnerability lies in the insecure processing of stylesheets contained in XSLT Transforms in XML signatures. A remote attacker could execute arbitrary Java methods by means of malicious XSLT stylesheets. |
|
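A pre-validation check for the condition described above, as an added example that is not part of the bulletin or of Sun's fix: it lists `ds:Transform` elements that declare the XSLT algorithm or embed a stylesheet, so a message can be rejected before signature validation runs. The class and method names are hypothetical and the sample signature is constructed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class XsltTransformCheck {  // hypothetical name, not from the bulletin
    static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    static final String XSL_NS = "http://www.w3.org/1999/XSL/Transform";
    // Algorithm identifier that XML-DSig assigns to the XSLT transform.
    static final String XSLT_ALG = "http://www.w3.org/TR/1999/REC-xslt-19991116";

    // Returns the Algorithm value of each ds:Transform that is declared as XSLT
    // or that carries an embedded stylesheet element.
    static List<String> findXsltTransforms(Document doc) {
        List<String> hits = new ArrayList<>();
        NodeList transforms = doc.getElementsByTagNameNS(DSIG_NS, "Transform");
        for (int i = 0; i < transforms.getLength(); i++) {
            Element t = (Element) transforms.item(i);
            String alg = t.getAttribute("Algorithm").trim();
            boolean embedded = t.getElementsByTagNameNS(XSL_NS, "*").getLength() > 0;
            if (XSLT_ALG.equals(alg) || embedded) hits.add(alg);
        }
        return hits;
    }

    // Namespace-aware parse with DOCTYPE declarations refused.
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a signature skeleton whose Reference declares an
        // XSLT transform with an empty stylesheet.
        String sample = "<ds:Signature xmlns:ds='" + DSIG_NS + "'><ds:SignedInfo>"
            + "<ds:Reference URI=''><ds:Transforms>"
            + "<ds:Transform Algorithm='" + DSIG_NS + "enveloped-signature'/>"
            + "<ds:Transform Algorithm='" + XSLT_ALG + "'>"
            + "<xsl:stylesheet version='1.0' xmlns:xsl='" + XSL_NS + "'/>"
            + "</ds:Transform></ds:Transforms></ds:Reference></ds:SignedInfo></ds:Signature>";
        List<String> hits = findXsltTransforms(parse(sample));
        System.out.println(hits.isEmpty() ? "accept" : "reject before validation: " + hits);
    }
}
```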
Solution |
|
Software update Sun (102992)
Sun Java System Web Server 7.0 / SPARC / Update 1
Sun Java System Application Server Platform Edition 8.2 / SPARC (file-based) / patch 124679-01
Sun Java System Application Server Platform Edition 8.2 / SPARC (SVR4) / patch 124672-02
Sun Java System Application Server Enterprise Edition 8.2 / SPARC (file-based) / patch 124675-01
Sun Java System Application Server Enterprise Edition 8.2 / SPARC (SVR4) / patch 124672-02
Sun Java System Web Server 7.0 / x86 / Update 1
Sun Java System Application Server Platform Edition 8.2 / x86 (file-based) / patch 124680-01
Sun Java System Application Server Platform Edition 8.2 / x86 (SVR4) / patch 124673-02
Sun Java System Application Server Enterprise Edition 8.2 / x86 (file-based) / patch 124676-01
Sun Java System Application Server Enterprise Edition 8.2 / x86 (SVR4) / patch 124673-02
Sun Java System Web Server 7.0 / Linux / Update 1
Sun Java System Application Server Platform Edition 8.2 / Linux (file-based) / patch 124681-01
Sun Java System Application Server Platform Edition 8.2 / Linux (RHEL3.0/RHEL4.0) / patch 124674-02
Sun Java System Application Server Enterprise Edition 8.2 / Linux (file-based) / patch 124677-01
Sun Java System Application Server Enterprise Edition 8.2 / Linux (RHEL3.0/RHEL4.0) / patch 124674-02
Sun Java System Web Server 7.0 / Windows / Update 1
Sun Java System Application Server Platform Edition 8.2 / Windows (file-based) / patch 124682-01
Sun Java System Application Server Enterprise Edition 8.2 / Windows (file-based) / patch 124678-01
Sun Java System Application Server Enterprise Edition 8.2 / Windows (package-based) / patch 124684-02
Sun Java System Web Server 7.0 / HP-UX / Update 1
Sun Java System Web Server 7.0 / SPARC / patch 125437-07
Sun Java System Application Server Platform Edition 9.0 / SPARC (file-based) / patch 124609-05
Sun Java System Web Server 7.0 / x86 / patch 125438-07
Sun Java System Application Server Platform Edition 9.0 / x86 (file-based) / patch 124610-05
Sun Java System Web Server 7.0 / Linux / patch 125439-07
Sun Java System Application Server Platform Edition 9.0 / Linux (file-based) / patch 124611-05
Sun Java System Web Server 7.0 / Windows / patch 125441-06
Sun Java System Application Server Platform Edition 9.0 / Windows (file-based) / patch 124612-05
Sun Java System Web Server 7.0 / HP-UX / patch 125440-01
http://www.sun.com/download/products.xml?id=467713d6 |
|
Standard resources |
|
Property | Value |
CVE | |
BID | |
Other resources |
|
Sun Alert Notification (102992) http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1 |
Version history |
||
Version | Comments | Date |
1.0 | Advisory issued | 2007-07-12 |
1.1 | Advisory updated by Sun (102992) | 2007-10-29 |