Vulnerability Bulletins


Source code exposure in Sun Java System Application Server

Vulnerability classification

Property Value
Confidence level Official
Impact Confidentiality
Difficulty Expert
Required attacker level Remote access without an account to a standard service

System information

Property Value
Affected manufacturer Commercial Software
Affected software Sun Java System Application Server Platform Edition 8.1 2005Q1
Sun Java System Application Server Enterprise Edition 8.2
Sun Java System Application Server Enterprise Edition 8.1 2005Q1
SJS Application Server PE 8.2

Description

A vulnerability has been found in Sun Java System Application Server. The vulnerability is that JSPs expose source code when running on Windows platforms.

A remote attacker could view critical parts of the source code.

Solution



Software update

Sun(103000)
Sun Java System Application Server Enterprise Edition 8.1 / Windows (file-based) / patch 119172-18
Sun Java System Application Server Enterprise Edition 8.1 / Windows (package-based) / patch 122848-11
Sun Java System Application Server Platform Edition 8.1 / Windows (file-based) / patch 119176-18
Sun Java System Application Server Enterprise Edition 8.2 / Windows (file-based) / patch 124678-02
Sun Java System Application Server Enterprise Edition 8.2 / Windows (package-based) / patch 124684-03
Sun Java System Application Server Platform Edition 8.2 / Windows (file-based) / patch 124682-02
Sun Java System Application Server Platform Edition 9.0 / Windows (file-based) / patch 124612-05
http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage

Standard resources

Property Value
CVE CVE-2007-4025
BID 25058

Other resources

Sun Alert Notification (103000)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103000-1

Version history

Version Comments Date
1.0 Advisory issued 2007-07-25
1.1 CVE added 2007-08-14
1.2 Advisory updated by Sun (103000) 2007-10-29
Ministerio de Defensa
CNI
CCN
CCN-CERT