
Vulnerability Bulletins


Java method execution in Sun Java System Application Server

Vulnerability classification

Property                 Value
Confidence level         Official
Impact                   Obtain access
Difficulty               Expert
Attacker requirements    Remote access without an account to a standard service

System information

Property             Value
Affected vendor      Networking
Affected software    Sun Java System Application Server Standard Edition 8.2
                     Sun Java System Application Server Enterprise Edition 8.2
                     Sun Java System Application Server PE 9
                     Sun Java System Web Server 7.0

Description

A vulnerability has been found in Sun Java System Application Server and Sun Java System Web Server. The flaw lies in the unsafe processing of stylesheets contained in XSLT Transforms within XML signatures.

A remote attacker could execute arbitrary Java methods by getting the server to run malicious XSLT stylesheets.
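A defender-side check for this class of issue, added here as an example and not part of the original bulletin or of Sun's code: before a document reaches the signature validator, walk its ds:Transform elements and reject any algorithm outside a short allowlist, which deliberately excludes the XSLT transform. The sample signatures and the helper names below are constructed for the example.

```python
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
XSLT_TRANSFORM = "http://www.w3.org/TR/1999/REC-xslt-19991116"  # XSLT transform URI per the XML Signature spec

# Allowlist of transforms an ordinary enveloped signature needs. XSLT is
# deliberately absent, so a stylesheet inside ds:Transforms is rejected before
# the signature library ever evaluates it.
ALLOWED_TRANSFORMS = {
    "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
}


def disallowed_transforms(xml_text: str) -> list:
    """Return the Algorithm URI of every ds:Transform not on the allowlist.

    An empty list means the document may be handed to signature validation.
    ET is the stdlib parser; parse untrusted input with defusedxml in production.
    """
    root = ET.fromstring(xml_text)
    return [
        t.get("Algorithm", "")
        for t in root.iter(f"{{{DS_NS}}}Transform")
        if t.get("Algorithm", "") not in ALLOWED_TRANSFORMS
    ]


def _signature_with(transforms_xml: str) -> str:
    """Wrap the given ds:Transform elements in a constructed, minimal ds:Signature."""
    return (
        f'<Signature xmlns="{DS_NS}"><SignedInfo><Reference URI="">'
        f"<Transforms>{transforms_xml}</Transforms>"
        f'<DigestMethod Algorithm="{DS_NS}sha1"/><DigestValue>AAAA</DigestValue>'
        "</Reference></SignedInfo><SignatureValue>AAAA</SignatureValue></Signature>"
    )


# Constructed samples: a plain enveloped signature, and one that also carries an
# XSLT stylesheet (inert here; only its presence matters to the check).
SAFE_SIGNATURE = _signature_with(f'<Transform Algorithm="{DS_NS}enveloped-signature"/>')
XSLT_SIGNATURE = _signature_with(
    f'<Transform Algorithm="{DS_NS}enveloped-signature"/>'
    f'<Transform Algorithm="{XSLT_TRANSFORM}">'
    '<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">'
    '<xsl:template match="/"><xsl:value-of select="."/></xsl:template>'
    "</xsl:stylesheet></Transform>"
)
```

Run the check on a document and refuse validation whenever the returned list is non-empty; the patched server versions listed below remain the actual fix.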

Solution

Software update

Sun (102992)
Sun Java System Web Server 7.0 / SPARC / Update 1
Sun Java System Application Server Platform Edition 8.2 / SPARC (file-based) / patch 124679-01
Sun Java System Application Server Platform Edition 8.2 / SPARC (SVR4) / patch 124672-02
Sun Java System Application Server Enterprise Edition 8.2 / SPARC (file-based) / patch 124675-01
Sun Java System Application Server Enterprise Edition 8.2 / SPARC (SVR4) / patch 124672-02
Sun Java System Web Server 7.0 / x86 / Update 1
Sun Java System Application Server Platform Edition 8.2 / x86 (file-based) / patch 124680-01
Sun Java System Application Server Platform Edition 8.2 / x86 (SVR4) / patch 124673-02
Sun Java System Application Server Enterprise Edition 8.2 / x86 (file-based) / patch 124676-01
Sun Java System Application Server Enterprise Edition 8.2 / x86 (SVR4) / patch 124673-02
Sun Java System Web Server 7.0 / Linux / Update 1
Sun Java System Application Server Platform Edition 8.2 / Linux (file-based) / patch 124681-01
Sun Java System Application Server Platform Edition 8.2 / Linux (RHEL3.0/RHEL4.0) / patch 124674-02
Sun Java System Application Server Enterprise Edition 8.2 / Linux (file-based) / patch 124677-01
Sun Java System Application Server Enterprise Edition 8.2 / Linux (RHEL3.0/RHEL4.0) / patch 124674-02
Sun Java System Web Server 7.0 / Windows / Update 1
Sun Java System Application Server Platform Edition 8.2 / Windows (file-based) / patch 124682-01
Sun Java System Application Server Enterprise Edition 8.2 / Windows (file-based) / patch 124678-01
Sun Java System Application Server Enterprise Edition 8.2 / Windows (package-based) / patch 124684-02
Sun Java System Web Server 7.0 / HP-UX / Update 1
Sun Java System Web Server 7.0 / SPARC / patch 125437-07
Sun Java System Application Server Platform Edition 9.0 / SPARC (file-based) / patch 124609-05
Sun Java System Web Server 7.0 / x86 / patch 125438-07
Sun Java System Application Server Platform Edition 9.0 / x86 (file-based) / patch 124610-05
Sun Java System Web Server 7.0 / Linux / patch 125439-07
Sun Java System Application Server Platform Edition 9.0 / Linux (file-based) / patch 124611-05
Sun Java System Web Server 7.0 / Windows / patch 125441-06
Sun Java System Application Server Platform Edition 9.0 / Windows (file-based) / patch 124612-05
Sun Java System Web Server 7.0 / HP-UX / patch 125440-01
http://www.sun.com/download/products.xml?id=467713d6

Standard identifiers

Property    Value
CVE         (none listed)
BID         (none listed)

Additional resources

Sun Alert Notification (102992)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1

Version history

Version    Comment                             Date
1.0        Advisory issued                     2007-07-12
1.1        Advisory updated by Sun (102992)    2007-10-29

Member of

Ministerio de Defensa
CNI
CCN
CCN-CERT