Vulnerability Bulletins |
HTTP Requests vulnerability in Sun Java System Server |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Increased visibility |
Difficulty | Expert |
Attacker requirements | Remote access without an account to a standard service |
System information |
|
Property | Value |
Affected vendor | GNU/Linux |
Affected software |
Sun Java System Proxy Server 3.6
Sun Java System Proxy Server 4.0
Sun Java System Web Server 6.0
Sun Java System Web Server 6.1 2005Q1
Sun ONE Application Server 7
Sun Java System Application Server 7 2004Q2
Sun Java System Application Server Enterprise Edition 8.1 2005 Q1
Sun Java System Application Server Platform Edition 8.1 2005 Q1 |
Description |
|
An HTTP Request Smuggling vulnerability has been discovered in Sun Java System Proxy Server, Web Server and Application Server. The vulnerability lies in an unspecified error that occurs when Sun Java System Proxy Server is used together with Sun Java System Application Server or the Sun Java System Web Server. A remote attacker could poison the web cache, make use of open sessions, carry out cross-site scripting attacks (CSS or XSS) or bypass web application restrictions. |
|
Solution |
|
Software update
Sun
Sun Java System Proxy Server 3.6 / Service Pack 8
http://www.sun.com/download/products.xml?id=42fa5c49
Sun Java System Proxy Server 4.0 / Service Pack 1
http://www.sun.com/download/products.xml?id=4384b5dd
Sun Java System Web Server 6.0 / Service Pack 10
http://www.sun.com/download/products.xml?id=43a84f89
Sun Java System Web Server 6.1 2005Q1 / Service Pack 5
http://www.sun.com/download/products.xml?id=434aec1d
http://www.sun.com/download/products.xml?id=43c43041 (International Edition)
Sun ONE Application Server 7 / Update 8
http://www.sun.com/download/products.xml?id=438cfb75 (Platform Edition)
http://www.sun.com/download/products.xml?id=438cf33d (Standard Edition)
Sun Java System Application Server 7 2004Q2 / Update 4
http://www.sun.com/download/products.xml?id=4331ff42 (Standard Edition)
http://javashoplm.sun.com/ECom/docs/Welcome.jsp?StoreId=8&PartDetailId=SJAS72004Q2U4-EE-OTH-G-ES (Enterprise Edition)
Sun Java System Application Server Enterprise Edition 8.1 2005 Q1 / SPARC / (file-based) patch 119169-02 or (SVR4) patch 119166-09
Sun Java System Application Server Platform Edition 8.1 2005 Q1 / SPARC / (file-based) patch 119173-01
Sun Java System Application Server Platform Edition 8.1 2005 Q1 / x86 / (file-based) patch 119174-01 or later
Sun Java System Application Server Enterprise Edition 8.1 2005 Q1 / x86 / (file-based) patch 119170-02 or (SVR4) patch 119167-09
Sun Java System Application Server Platform Edition 8.1 2005 Q1 / Linux / (file-based) patch 119175-01
Sun Java System Application Server Enterprise Edition 8.1 2005 Q1 / Linux / (file-based) patch 119171-02 or (Pkg) patch 119168-09
Sun Java System Application Server Platform Edition 8.1 2005 Q1 / Windows / (file based) patch 119176-01
Sun Java System Application Server Enterprise Edition 8.1 2005 Q1 / Windows / (file based) patch 119172-07 or (native) patch 121528-01 |
|
Standard identifiers |
|
Property | Value |
CVE | |
BID | |
Additional resources |
|
Sun Alert Notification (102733) http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1 |
Version history |
||
Version | Comment | Date |
1.0 | Advisory issued | 2006-12-04 |
1.1 | Advisory updated by Sun (102733) | 2007-02-27 |