In association with heise online

04 December 2006, 11:48

Sun removes vulnerabilities in Java web servers and proxies


Sun has issued an advisory about a bug in several of its server products that makes them susceptible to HTTP Request Smuggling (HRS) attacks. Attackers can use such attacks to remotely manipulate the content of web caches (known as web cache poisoning), to deceive firewalls and intrusion detection/prevention systems, and to hijack HTTP sessions. A cross-site scripting (XSS) attack is also possible.

The problem only occurs if the Sun Java System Proxy Server is used in combination with the Java System Application Server or the Sun Java System Web Server. The two systems sometimes parse contradictory or inconsistent request headers in different ways. As a result, the proxy and the server behind it may interpret multiple Content-Length headers in the same request differently, and so disagree about where one request ends and the next begins.
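The following example, added here and not taken from Sun's advisory or products, shows the kind of check a front end can apply to catch the framing ambiguity described above: it flags requests with conflicting Content-Length headers (or Content-Length alongside Transfer-Encoding) and, for illustration, shows how two parsers that resolve duplicate headers with different policies would consume different amounts of body. The request samples and the function names are constructed for this example.

```python
"""Detect ambiguous HTTP/1.1 request framing of the kind behind HTTP
Request Smuggling: when a request carries conflicting Content-Length
headers (or Content-Length together with Transfer-Encoding), a proxy and
the server behind it can each pick a different body boundary.

Added example; not code from Sun or from the advisory. The request
samples below are constructed for illustration."""

from typing import Optional


def parse_request(raw: bytes):
    """Split a raw request into (request line, [(name, value), ...], body).
    Header names are lower-cased; values are stripped of surrounding space."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request: no end of headers")
    lines = head.split(b"\r\n")
    request_line = lines[0].decode("ascii", "replace")
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name.strip().lower().decode("ascii", "replace"),
                        value.strip().decode("ascii", "replace")))
    return request_line, headers, body


def content_length_values(headers):
    """Every Content-Length value seen, with comma-separated lists expanded
    (RFC 7230 treats 'Content-Length: 4, 8' like two separate headers)."""
    values = []
    for name, value in headers:
        if name == "content-length":
            values.extend(v.strip() for v in value.split(","))
    return values


def framing_ambiguity(raw: bytes) -> Optional[str]:
    """Return a reason if the request body length is ambiguous, or None
    when exactly one framing applies. A front end should reject (400)
    rather than forward any request for which this returns a reason."""
    _, headers, _ = parse_request(raw)
    lengths = content_length_values(headers)
    has_te = any(name == "transfer-encoding" for name, _ in headers)
    if has_te and lengths:
        return "both Transfer-Encoding and Content-Length present"
    for v in lengths:
        if not v.isdigit():
            return f"non-numeric Content-Length value {v!r}"
    if len(set(lengths)) > 1:
        return f"conflicting Content-Length values {lengths}"
    return None


def body_under_policy(raw: bytes, policy: str) -> bytes:
    """The body bytes a parser would consume if it resolved duplicate
    Content-Length headers by taking the first or the last value. Shows
    why two components in the chain can disagree on where a request ends."""
    _, headers, body = parse_request(raw)
    lengths = content_length_values(headers)
    if not lengths:
        return b""
    chosen = lengths[0] if policy == "first" else lengths[-1]
    return body[: int(chosen)]


# Constructed samples (not from the advisory)
CLEAN_REQUEST = (b"POST /form HTTP/1.1\r\nHost: proxy.example\r\n"
                 b"Content-Length: 4\r\n\r\nAAAA")
CONFLICTING_REQUEST = (b"POST /form HTTP/1.1\r\nHost: proxy.example\r\n"
                       b"Content-Length: 4\r\nContent-Length: 8\r\n\r\nAAAABBBB")

if __name__ == "__main__":
    for label, req in (("clean", CLEAN_REQUEST),
                       ("conflicting", CONFLICTING_REQUEST)):
        print(label, framing_ambiguity(req))
    print(body_under_policy(CONFLICTING_REQUEST, "first"))   # b'AAAA'
    print(body_under_policy(CONFLICTING_REQUEST, "last"))    # b'AAAABBBB'
```

The safe behaviour is the one `framing_ambiguity` encodes: a proxy that refuses ambiguous requests up front leaves nothing for a differently-behaving back end to reinterpret, which is why normalising or rejecting such headers at the edge is the standard mitigation rather than trying to match the back end's parsing policy.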

Software vendor Watchfire noted this problem in the middle of last year in a whitepaper on HRS, specifically mentioning SunOne Proxy and SunOne Webserver. Sun also references that whitepaper in its bug advisory. What remains unclear is whether Sun only noticed the problem a year and a half later, or whether the bug took that long to repair.

The newly released updates eliminate the problem in Sun Java System Web Server, Sun Java System Application Server, Sun ONE Application Server and Sun Java System Web Proxy Server. The precise versions involved are provided in the original bug advisory.
