Sun Java System Web Server Unspecified Unauthorized Access Vulnerability

Bugtraq ID:	22993
Class:	Access Validation Error
CVE:	CVE-2007-1488
Remote:	Yes
Local:	No
Published:	Mar 16 2007 12:00AM
Updated:	May 12 2015 07:33PM
Credit:	The vendor disclosed this issue.
Vulnerable:	Sun Java System Web Server 6.1 SP6 Sun Java System Web Server 6.1 SP5 Sun Java System Web Server 6.1 SP4 Sun Java System Web Server 6.1 SP3 Sun Java System Web Server 6.1 SP2 Sun Java System Web Server 6.1 SP1 Sun Java System Web Server 6.1 Sun Java System Web Server 6.0 SP9 Sun Java System Web Server 6.0 SP10 Sun Java System Web Server 6.0 SP8 Sun Java System Web Server 6.0 SP7 Sun Java System Web Server 6.0 SP6 Sun Java System Web Server 6.0 SP5 Sun Java System Web Server 6.0 SP4 Sun Java System Web Server 6.0 SP3 Sun Java System Web Server 6.0 SP2 Sun Java System Web Server 6.0 SP1 Sun Java System Web Server 6.0 Sun Java System Web Server 6.1
Not Vulnerable:	Sun Java System Web Server 6.1 SP7 Sun Java System Web Server 6.0 SP11

Sun Java System Web Server Unspecified Unauthorized Access Vulnerability

Sun Java System Web Server is prone to a vulnerability that lets attackers gain unauthorized access to sensitive information.

An attacker may leverage this issue to access data stored on the host running the webserver. Such unauthorized access may help the attacker launch other attacks.

Sun Java System Web Server Unspecified Unauthorized Access Vulnerability

An attacker can exploit this issue by using common client applications.

Sun Java System Web Server Unspecified Unauthorized Access Vulnerability

Solution:
The vendor has released patches to address this issue. Please see the references for more information.


Sun Java System Web Server 6.0 SP10

• Sun Sun Java System Web Server 6.0 Service Pack 11
  http://www.sun.com/download/products.xml?id=459db7b2

Sun Java System Web Server 6.1 SP6

• Sun Sun Java System Web Server 6.1 Service Pack 7
  http://www.sun.com/download/products.xml?id=45c90ca9

Sun Java System Web Server Unspecified Unauthorized Access Vulnerability

References:

• Sun Java System Web Server (Sun Microsystems)
  
• Security Vulnerability in Sun Java System Web Server May Allow Unauthorized Acce (Sun Microsystems)