- Nokia's new N97 vs. the iPhone
- 10 Microsoft research projects
- Hard to get justice in MySpace case
- Smartphone smackdown: Storm vs. iPhone
- Apple removes antivirus support page
Security specialist @Stake says that a module that ships with Sun's Sun One Application Server has a flaw which could be exploited by outside attackers and which could give them control of the running Web server.
The flaw is in the Connector Module, a Netscape Server Application Programming Interface (NSAPI) plug-in that integrates the Sun One Web Server with the Application Server.
An overly long URI in an incoming HTTP request handled by the module could cause a stack buffer overflow, @Stake said in an advisory Thursday.
The flaw affects Sun One Application Server 6.0 and Sun One Application Server 6.5. A patch is available for Version 6.5.
No patch is available for Version 6.0, according to @Stake, but there are a number of workarounds.
These include:
• Writing an NSAPI module to inspect the length of HTTP request URIs.
• Terminating the Secure Sockets Layer (SSL) session on a device before the Sun ONE Web server and installing an Intrusion Detection System sensor to monitor the clear-text traffic.
• Terminating the SSL session on a reverse proxy that performs data validation on all HTTP request headers.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment