Security specialist At Stake Inc. said a module that ships with Sun Microsystems Inc.'s Open Net Environment (ONE) Application Server has a flaw that outside attackers could exploit to gain control of the running Web server. The flaw is in the Connector Module, a Netscape Server Application Programming Interface (NSAPI) plug-in that integrates the Sun ONE Web Server with the Application Server.
An overly long uniform resource locator (URL) in an incoming HTTP request handled by the module could cause a stack-buffer overflow, Cambridge, Mass.-based At Stake said in an advisory yesterday.
The flaw affects Sun ONE Application Server 6.0 and 6.5. A patch is available for Version 6.5, but not for Version 6.0, according to At Stake. However, there are a number of work-arounds, including the following: