Multiple vulnerabilities have been identified in Sun Java System Active Server Pages, which could be exploited by attackers to disclose or manipulate data, cause a denial of service or compromise an affected system.
The first issue is caused by a design error in the administration service that does not properly authenticate users, which could be exploited by attackers to bypass authentication restrictions imposed by the HTTP server.
The second vulnerability is caused by input validation errors when processing user-supplied arguments passed to certain commands, which could be exploited to inject arbitrary shell commands via a malicious HTTP request.
The third issue is caused by a buffer overflow error when processing overly long requests, which could be exploited by attackers to cause a denial of service or execute arbitrary code.
The fourth vulnerability is caused by input validation errors in the ASP engine when handling directory traversal requests supplied via the administration server, which could be exploited by attackers to disclose or delete arbitrary files.
The fifth issue is caused due to the placement of the password and configuration data within the application server's root directory, which could allow attackers to gain knowledge of sensitive information.
The sixth vulnerability is caused by a design error in a file included by several ASP applications that provides a function that will write the contents contained within its first parameter to a file specified by its second parameter, which could be exploited by attackers to create, or append to, arbitrary files on the system with root privileges.
Credits
Vulnerabilities reported by iDefense Labs and Joshua J. Drake.
ChangeLog
2008-06-05 : Initial release
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
