Sun One Web server flaw can run attack code


Sun One Web server flaw can run attack code

A security hole in Sun Microsystems' Sun One and iPlanet Web servers can allow an attacker to launch a denial of service attack on the server, according to a security alert released on Friday by eEye Digital Security.

Using a specially formed request employing chunked transfer encoding, an attacker can cause a buffer overflow on the Web servers that will crash them, according to a separate security alert released by Sun.

This can allow an attacker to run malicious code, Sun said. Chunked transfer encoding is a feature allowing applications to maintain persistent connections without knowing the length of the expected content.

The vulnerability can be exploited remotely, meaning that an attacker who does not have physical access to the machine can launch an attack.

The flaws affect iPlanet Web server 4.1 and Sun One Web server 6.0, according to the alerts.

Sun has released both a work around and service packs that fix the problem. Links to the downloads and more information about the vulnerability, can be found at

Another vulnerability involving chunked encoding was discovered in the Apache Web server in June.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy