Sun Security Blog
Product: Sun Java System Web Server 6.0 Service Pack 10; Sun Java System Application Server Platform Edition 8.1 2005Q1; Sun ONE Application Server 7, Enterprise Edition; Sun ONE Application Server 7, Standard Edition; Sun Java System Application Server Platform Edition 8.1 2005Q1 Update Release 1; Sun Java System Web Proxy Server 4.0; Sun Java System Web Server 6.1; Sun Java System Application Server Enterprise Edition 8.1 2005Q1; Sun Java System Web Proxy Server 3.6

If the Sun Java System Proxy Server is used in conjunction with the Sun Java System Application Server or the Sun Java System Web Server, then it may be susceptible to "HTTP Request Smuggling" (HRS), which can allow remote unprivileged users to poison web caches, hijack sessions, perform cross-site scripting (CSS or XSS) attacks, or bypass web application firewall protection.

Further information about HRS can be found at https://www.watchfire.com/securearea/whitepapers.aspx?id=12.

Avoidance: Patch
State: Resolved
First released: 30-Nov-2006
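
The alert names HRS without describing its mechanics. As an added example (not code from Sun or from the alert), the check below flags requests whose length framing a proxy and the server behind it could read differently. The conditions it tests come from general HTTP framing rules and are assumptions here, and the function name and sample requests are constructed for illustration.

```python
# Added example: flag HTTP requests with ambiguous message framing.
# The conditions checked are general HTTP framing rules (assumption),
# not details taken from the Sun alert.

def framing_issues(raw: bytes) -> list:
    """Return reasons the request head could be framed differently by a
    proxy and the server behind it (empty list means unambiguous)."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")[1:]  # skip the request line
    issues, lengths, has_te = [], [], False
    for line in lines:
        if line[:1] in (b" ", b"\t"):
            # Folded continuation lines are parsed inconsistently.
            issues.append("obsolete folded header line")
            continue
        name, sep, value = line.partition(b":")
        if not sep:
            issues.append("header line without colon")
            continue
        if name != name.strip():
            # "Content-Length : 3" is a header to some parsers only.
            issues.append("whitespace around header name")
        key = name.strip().lower()
        if key == b"content-length":
            lengths.append(value.strip())
        elif key == b"transfer-encoding":
            has_te = True
    if len(lengths) > 1:
        issues.append("multiple Content-Length headers")
    if any(not v.isdigit() for v in lengths):
        issues.append("non-numeric Content-Length")
    if lengths and has_te:
        issues.append("Content-Length together with Transfer-Encoding")
    return issues

# Constructed sample requests (headers only), not captured traffic.
BASE = b"POST /form HTTP/1.1\r\nHost: www.example.com\r\n"
SAMPLES = {
    "clean": BASE + b"Content-Length: 11\r\n\r\n",
    "dup_cl": BASE + b"Content-Length: 0\r\nContent-Length: 44\r\n\r\n",
    "cl_te": BASE + b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n",
}

if __name__ == "__main__":
    for label, req in SAMPLES.items():
        print(label, framing_issues(req) or "ok")
```

A check like this belongs at the front-most hop, where a flagged request can be rejected before the proxy and the back-end server each parse it.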
Trackback URL: http://blogs.sun.com/security/entry/sun_alert_102733_security_vulnerability