Vulnerability Bulletins |
Exposición de código fuente en Sun Java System Application Server |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Confidencialidad |
Dificulty | Experto |
Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
Property | Value |
Affected manufacturer | Comercial Software |
Affected software |
Sun Java System Application Server Platform Edition 8.1 2005Q1 Sun Java System Application Server Enterprise Edition 8.2 Sun Java System Application Server Enterprise Edition 8.1 2005Q1 SJS Application Server PE 8.2 |
Description |
|
Se ha encontrado una vulnerabilidad en Sun Java System Application Server. La vulnerabilidad reside en que JSPs expone código fuente cuando funciona bajo plataformas Windows. Un atacante remoto podría ver partes críticas del código fuente. |
|
Solution |
|
Actualización de software Sun(103000) Sun Java System Application Server Enterprise Edition 8.1 / Windows (file-based) / patch 119172-18 Sun Java System Application Server Enterprise Edition 8.1 / Windows (package-based) / patch 122848-11 Sun Java System Application Server Platform Edition 8.1 / Windows (file-based) / patch 119176-18 Sun Java System Application Server Enterprise Edition 8.2 / Windows (file-based) / patch 124678-02 Sun Java System Application Server Enterprise Edition 8.2 / Windows (package-based) / patch 124684-03 Sun Java System Application Server Platform Edition 8.2 / Windows (file-based) / patch 124682-02 Sun Java System Application Server Platform Edition 9.0 / Windows (file-based) / patch 124612-05 http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage |
|
Standar resources |
|
Property | Value |
CVE | CVE-2007-4025 |
BID | 25058 |
Other resources |
|
Sun Alert Notification (103000) http://sunsolve.sun.com/search/document.do?assetkey=1-26-103000-1 |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2007-07-25 |
1.1 | CVE añadido | 2007-08-14 |
1.2 | Aviso actualizado por Sun (103000) | 2007-10-29 |