int(1824)

Vulnerability Bulletins


Revelación del contenido de ficheros JAR en Sun Java System Application Server

Vulnerability classification

Property Value
Confidence level Oficial
Impact Confidencialidad
Dificulty Experto
Required attacker level Acceso remoto sin cuenta a un servicio exotico

System information

Property Value
Affected manufacturer Comercial Software
Affected software Sun Java System Application Server Platform Edition 8.1
Sun Java System Application Server Enterprise Edition 8.1

Description

Se ha descubierto una vulnerabilidad en Sun Java System Application Server 8.1. La vulnerabilidad reside en un error no especificado.

La explotación de esta vulnerabilidad podría permitir a un atacante remoto ver el contenido de los ficheros JAR de una aplicación Web instalada.

Solution



Actualización de software

Sun
Sun Java System Application Server Platform Edition 8.1 / SPARC / 2005Q2 UR2
Sun Java System Application Server Platform Edition 8.1 / x86 / 2005Q2 UR2
Sun Java System Application Server Platform Edition 8.1 / Linux / 2005Q2 UR2
Sun Java System Application Server Platform Edition 8.1 / Windows / 2005Q2 UR2
http://java.sun.com/j2ee/1.4/download.html
Sun Java System Application Server Enterprise Edition 8.1 / SPARC / 2005Q1 patch 119169-01
Sun Java System Application Server Enterprise Edition 8.1 / SPARC / 2005Q1 (SVR4) patch 119166-06
Sun Java System Application Server Enterprise Edition 8.1 / x86 / 2005Q1 patch 119170-01
Sun Java System Application Server Enterprise Edition 8.1 / x86 / 2005Q1 (SVR4) patch 119167-06
Sun Java System Application Server Enterprise Edition 8.1 / Linux / 2005Q1 patch 119171-01
Sun Java System Application Server Enterprise Edition 8.1 / Linux / 2005Q1 RHEL2.1/RHEL3.0 (Pkg_patch) 119168-05
http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage

Standar resources

Property Value
CVE
BID

Other resources

Sun Alert Notification (101905)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101905-1

Version history

Version Comments Date
1.0 Aviso emitido 2005-09-20
Ministerio de Defensa
CNI
CCN
CCN-CERT