Pentest Security Advisory : PTL-2004-06
Buffer Overflow Vulnerabilities in Sun Java System Web Proxy Server
| Title: | Buffer Overflow Vulnerabilities in Sun Java System Web Proxy Server |
| Announcement date: | 29th October 2004 |
| Products: | Sun Java System Web Proxy Server |
| Vulnerability Type: | Remote Code Execution / Elevation of Privileges |
Numerous buffer overflow vulnerabilities were discovered in Sun Java System Web Proxy Server (formerly Sun ONE Proxy Server) that could allow an unprivileged remote user to crash either the Web Proxy Server or the Admin Server (of the Web Proxy Server). It may also be possible to execute arbitrary code with the privileges of the respective server processes.
Sun Java System Web Proxy Server 3.6 Service Pack 4 or earlier is affected.
Fix / Workarounds
Customers can install the latest version of Sun Java System Web Proxy Server (Service Pack 5) from: http://wwws.sun.com/software/download/products/4149bc42.html