Sun One Web server flaw can run attack code

Sam Costello (Computerworld)
12 August, 2002 08:35
Comments

A security hole in Sun Microsystems Inc.'s Sun One and iPlanet Web servers can allow an attacker to launch a denial of service attack on the server and to run attack code of his or her choice, according to a security alert released Friday by eEye Digital Security Inc.

Using a specially formed request employing chunked transfer encoding, an attacker can cause a buffer overflow on the Web servers, which will crash them, according to a separate security alert released by Sun. This can allow an attacker to run malicious code, Sun said. Chunked transfer encoding is a feature allowing applications to maintain persistent connections without knowing the length of the expected content.

The vulnerability is remotely exploitable, meaning that an attacker who does not have physical access to the machine can launch an attack on affected systems.

The flaws affect iPlanet Web server 4.1 and Sun One Web server 6.0, according to the alerts.

Sun has released both a work around and service packs that fix the problem. Links to those downloads, as well as more information about the vulnerability, can be found at http://www.sun.com/service/support/software/iplanet/alerts/transferencodingalert-23july2002.html.

Another vulnerability involving chunked encoding was discovered in the Apache Web server in June.

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email Computerworld
Follow Computerworld on twitter

More about: Apache, eEye Digital Security, iPlanet

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Whitepapers

Keeping up With Ever-Expanding Enterprise Data - 2010 IOUG Database Growth Survey

A majority of respondents report having performance and budget issues due to exponential data growth. Those companies with the highest rates of data growth, in fact, are eight times more likely than slow-growth sites to be seeing significant increases in their storage budgets. New processes and tools are needed to help organizations take control of the massive volumes of information now moving through their systems. The IOUG survey looked at approaches being taken by organizations to manage their growing data stores, and what still needs to be done.

Featured Download

SoftPerfect Network Protocol Analyzer

Publisher's notes: SoftPerfect Network Protocol Analyzer is an advanced, professional tool for analyzing, debugging, maintaining and monitoring local networks and Internet connections. It captures the ...

Zones

Most Popular Whitepapers

Process-Driven Master Data Management for Dummies

We wrote this book to introduce you to the subject of processdriven MDM. It’s a big topic, one that far outstrips the ability of a brief book to cover. However, our hope is that by reading this book you will gain a fundamental understanding of processdriven MDM, how it works, and what it takes to make it a success in your organisation.

Popular tags: Business Management, Security, Data Centre, Storage, Master Data Management

Latest Jobs

CCSystem Engineer - Exchange - CONTRACTSWA
CCSAP FICO ConsultantNT
FTTechnical Services Engineer - ShoreTel/MitelVIC
FTSenior Citrix EngineerNSW
FTSenior Citrix EngineerNSW
FTSenior Network Field Engineer - Cisco R&S / Wireless SolutionsNSW
CCAvaya Engineer - ERS 8600 4.1NSW
FTChange Management ProfessionalsNSW
FTProduct Manager Strategist - Enterprise ApplicationsNSW
FTSAP Basis ConsultantACT
CCOBIEE ConsultantWA
CCSAP PM ConsultantNSW
FTQM Trainer and ConsultantNSW
FTIT Account Manager - System Integrator - Career Progression - Start ImmediatelyNSW
FTSAP Basis ConsultantNSW
FTSenior Network Field Engineer - Cisco R&S / Wireless SolutionsNSW
CCSystem Engineer - Lync and Exchange - CONTRACTSWA
FTSenior Network Engineer - Cisco / Nexus / UCS / - Routing / Switching / WirelessNSW
FTiPhone App DeveloperNSW
CCPC Relocation Technicians - Multiple Roles availableSA
FTIT Service Desk EngineerNSW
FTiPhone Developer DeveloperNSW
FTIT Service Desk EngineerNSW
FTiPhone App DeveloperNSW
FTiPhone App DeveloperNSW

Market Place

Sun One Web server flaw can run attack code

Comments

Post new comment

Wednesday Grok: Microsoft’s browser lockout is to be pitied more than despised

Spotify music streaming hits Australian shores

Coalition NBN better or worse?

Alternatives to Raspberry Pi you can get right now

Bredolab botnet author sentenced to 4 years in prison in Armenia

Which tablet should I buy? iPad 2 vs Sony Tablet S

NBN service plans won't cost consumers more: Conroy

Microsoft at a loss over Event Viewer scam

Stallman: If you want freedom don't follow Linus Torvalds

New MSN site updates users on topics trending on Twitter, Facebook

CeBIT 2012: Will NBN speed up freight delivery times?

Keeping up With Ever-Expanding Enterprise Data - 2010 IOUG Database Growth Survey

Protecting Against the Leading Causes of Data Breach

TestPro achieves visibility over software defect management - Reducing project risk and improving quality

Reducing Costs Through Better Server Utilisation

SoftPerfect Network Protocol Analyzer

Avaya Air Cover Zone

Application Lifecycle Management

HP Converged Storage Zone

HP Business Efficiency - Money Payback Guarantee Resource Centre

The Australian Cloud

Process-Driven Master Data Management for Dummies

Business Intelligence Best Practices for Dashboard Design

Learning To Compete: IT’s Next Transformation

Becoming a Social Business

Seven Steps to Effective Data Governance

Computerworld newsletter

Don't have an account?

Sun One Web server flaw can run attack code

Comments

Post new comment

Computerworld newsletter