Several holes in Java System Active Server Pages closed
Sun Microsystems has published an update to close six security holes in Java System Active Server Pages. According to Sun, these holes enable an attacker to run arbitrary code remotely on the server, access data, create arbitrary files, and circumvent security restrictions. The errors are present in all versions up to and including 4.0.2, and for all platforms. They are corrected in version 4.0.3.
See also:
- Multiple Security Vulnerabilities in Sun Java ASP Server may lead to execution of Arbitrary Code or Unauthorized Access to Data, vulnerability report from Sun
(mba)