Sun Web Server Hit with Multiple Security Vulnerabilities
- By Joab Jackson
A security research firm has found multiple flaws in Web server software from
Sun Microsystems that would collectively allow attackers to log on, gain root
access, peruse and delete files, and execute malicious commands.
All the vulnerabilities, investigated by iDefense, appear in versions
4.2 and earlier of Sun Java System Active Server Pages, software that allows
creation of Active Server Pages across different operating systems and production
Sun has issued an update to the software along with workarounds for administrators
who want to keep their original configurations.
The six vulnerabilities are:
The individual who found the vulnerabilities wishes to remain anonymous, according
to iDefense. The security company reported the vulnerabilities to Sun on April
4, and the two companies coordinated the public disclosure of the hole yesterday.
The vulnerabilities have been submitted for inclusion to the CVE
list of standardized names of security problems.
Joab Jackson is the chief technology editor of Government Computing News (GCN.com).