January 22, 2010

Cenzic Detects a Java System Web Server Remote Code Execution Vulnerability

Weekly product update – Cenzic detects a Java System Web Server Remote Code Execution Vulnerability

As of January 22, 2010 Cenzic now detects a Java System Web Server Remote Code Execution Vulnerability (BugtraqID 37641). Sun Java System Web Server is prone to a remote code execution vulnerability. Attackers can exploit this issue to execute code within the context of the affected application. Sun Java System Web Server 7.0 Update 6 is vulnerable, however other versions may also be affected.

Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.

by
Erin Swanson
Eswanson@cenzic.com


	Java System Web Server Remote Code Execution Vulnerability
	Learn more about this vulnerability on Security Focus
	http://www.securityfocus.com/bid/37641/info

Topic Tags: java, web vulnerability

by Erin Swanson

↑top

link to this

Post a Comment

Title:

Summary:

Comment:

Links:

Your info:

Name:		Required; will be displayed with comment.
E-mail:		Required (in case we need to contact you); will NOT be displayed with comment.
Web:		Optional; will use to hyperlink your name in the comment.
Twitter:		Optional; allows visitors to follow you on Twitter.
Save this in my browser

Verification:

Type the characters you see in the picture above.

Letters are case sensitive.

Notice: Your thoughtful opinions are valued and encouraged, but all comments are moderated so there will be a delay between the time you post your comment and when it appears in this site. Please don't be offended if your comment is edited for clarity or to avoid questionable matters. Offensive or off-topic comments will be deleted.