Sun Java System Application Server Administration Component Grants Full Control to Remote Users - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Web Server/CGI) > Sun Java Application Server (Sun ONE)

Vendors: Oracle, Sun

Sun Java System Application Server Administration Component Grants Full Control to Remote Users

SecurityTracker Alert ID: 1025410

SecurityTracker URL: http://securitytracker.com/id/1025410

CVE Reference: CVE-2011-0807 (Links to External Site)

Date: Apr 20 2011

Impact: Root access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 2.1, 2.1.1, 3.0.1, 9.1

Description: A vulnerability was reported in Sun Java System Application Server. A remote user can take full control of the target system.

The vulnerability resides in the Administration component.

Sun GlassFish Enterprise Server is also affected.

The following researchers reported these and other Oracle vulnerabilities:

Alexander Kornbrust of Red Database Security; Alexandr Polyakov of Digital Security; Ariel Elias-Bachrach of Navy Federal Credit Union; babi working with Beyond Security's SecuriTeam Secure Disclosure program; Bryan Horstmann-Allen; Dan Rosenberg of Virtual Security Research; David Vaartjes of ITsec Security Services; Dmitri Gribenko; Esteban Martinez Fayo of Application Security, Inc.; Jason Bowes of TippingPoint's Zero Day Initiative; Joris Knape of Seneca Risk & Security BV; Juan Manuel Garcia of CYBSEC S.A.; Juan Pablo Perez Etchegoyen of Onapsis; Marc Schoenefeld of Red Hat; Mark Cranness of Clarus Limited; Mike Bailey of MAD Security; Nahuel Grisolia formerly of CYBSEC S.A.; Oleg P. of HSC Security Portal; Stijn Handgraaf of ITsec Security Services; Sumit Siddharth from 7safe; Tony Fogarty formerly of DNV; Vicente Aguilera Diaz of Internet Security Auditors, S.L.; Wietse Venema; and Will Dormann of CERT/CC.

Impact: A remote user can take full control of the target system.

Solution: The vendor has issued a fix, described in their April 2011 Critical Patch Update advisory.

The vendor's advisory is available at:

http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

Vendor URL: www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html (Links to External Site)

Cause: Not specified

Underlying OS: Linux (Any), UNIX (Solaris - SunOS), Windows (Any)

Message History: None.

Source Message Contents

Date: Wed, 20 Apr 2011 01:43:15 +0000
Subject: Sun Java System Application Server


http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

CVE-2011-0807	Sun GlassFish Enterprise Server

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC