Sun Java System Application Server jar file information disclosure
sun-java-jar-file-information-disclosure (22261)
Description:
Sun Java System Application Server could allow a remote attacker to obtain sensitive information, such as the contents of the jar files of deployed web applications.
Platforms Affected:
- Sun, Java System Application Server 8.1 2005Q1 Enterprise
- Sun, Java System Application Server 8.1 2005Q1 Platform
- Sun, Java System Application Server 8.1 2005Q1 UR1 Platform
Remedy:
Apply the appropriate patch for your system, as listed below. Refer to Sun Alert ID: 101905 for more information. See References.
SPARC platform:
Sun Java System Application Server Platform Edition: 8.1 2005Q2 UR2.
Sun Java System Application Server Enterprise Edition: 8.1 2005Q1 with patch 119169-01 or later.
Sun Java System Application Server Enterprise Edition: 8.1 2005Q1 with patch 119166-06 or later.
x86 Platform:
Sun Java System Application Server Platform Edition: 8.1 2005Q2 UR2.
Sun Java System Application Server Enterprise Edition: 8.1 2005Q1 with patch 119170-01 or later.
Sun Java System Application Server Enterprise Edition: 8.1 2005Q1 with patch 119167-06 or later.
Linux Platform:
Sun Java System Application Server Platform Edition: 8.1 2005Q2 UR2.
Sun Java System Application Server Enterprise Edition: 8.1 2005Q1 with patch 119171-01 or later.
Sun Java System Application Server Enterprise Edition: 8.1 2005Q1 with patch 119168-05 or later.
Windows Platform:
Sun Java System Application Server Platform Edition: 8.1 2005Q2 UR2.
Consequences:
Obtain Information
References:
- CIAC INFORMATION BULLETIN P-305, Sun JAR File Contents Disclosure at http://www.ciac.org/ciac/bulletins/p-305.shtml.
- Sun Alert ID: 101905, Security Vulnerability in Sun Java System Application Server Exposes Contents of "jar" File of Deployed Web Applications at http://sunsolve.sun.com/search/document.do?assetkey=1-26-101905-1&searchclause.
- Sun Java System Application Server Web page, Sun Java System Application Server at http://www.sun.com/software/products/appsrvr/index.xml.
- BID-14823: Sun Java System Application Server Web Application JAR Disclosure Vulnerability
- CVE-2005-4804: Unspecified vulnerability in Sun Java System Application Server Platform Edition and Enterprise Edition 8.1 2005 Q1, and Platform Edition UR1, allows remote attackers to read .jar files via unknown vectors related to deployed web applications.
- SA16802: Sun Java System Application Server JAR File Content Disclosure
- VUPEN/ADV-2005-1733: Sun Java System Application Server jar Files Exposure Vulnerability
Reported:
Sep 13, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
