Security firm finds a hole in Sun One

[InfoSec News <isn () c4i org>]

http://www.nwfusion.com/news/2003/0314securfirm.html

By David Legard
IDG News Service
03/14/03

Security specialist @Stake says that a module that ships with Sun's
Sun One Application Server has a flaw which could be exploited by
outside attackers and which could give them control of the running Web
server.

The flaw is in the Connector Module, a Netscape Server Application
Programming Interface (NSAPI) plug-in that integrates the Sun One Web
Server with the Application Server.

An overly long URI in an incoming HTTP request handled by the module
could cause a stack buffer overflow, @Stake said in an advisory
Thursday.

The flaw affects Sun One Application Server 6.0 and Sun One
Application Server 6.5. A patch is available for Version 6.5.

No patch is available for Version 6.0, according to @Stake, but there
are a number of workarounds.

These include:

* Writing an NSAPI module to inspect the length of HTTP request URIs.

* Terminating the Secure Sockets Layer (SSL) session on a device
  before the Sun ONE Web server and installing an Intrusion Detection
  System sensor to monitor the clear-text traffic.

* Terminating the SSL session on a reverse proxy that performs data
  validation on all HTTP request headers.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.