----------------------------------------------------------------------

Want a new job?

http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/

International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/

----------------------------------------------------------------------

TITLE:
Sun N1 Service Provisioning System Web Server Plugin Vulnerability

SECUNIA ADVISORY ID:
SA31301

VERIFY ADVISORY:
http://secunia.com/advisories/31301/

CRITICAL:
Less critical

IMPACT:
Security Bypass

WHERE:
>From remote

SOFTWARE:
Sun N1 Service Provisioning System 5.x
http://secunia.com/product/19393/
Sun N1 Service Provisioning System 6.x
http://secunia.com/product/19394/

DESCRIPTION:
A vulnerability has been reported in Sun N1 Service Provisioning
System, which can be exploited by malicious users to bypass certain
security restrictions.

The vulnerability is caused due to an unspecified error in the Sun
Java System Web Server plugin for Sun N1 Service Provisioning System.
This can be exploited to gain administrative access to the Sun Java
System Web Server.

Successful exploitation requires access to the N1SPS administrator
console.

The vulnerability is reported in Sun N1 Service Provisioning System
5.2.x or 6.0.x with the Web Server 7.0 plugin installed.

SOLUTION:
Sun N1 Service Provisioning System 5.2.x or 6.0.x:
Apply Web Server 7.0 plugin patch 138536-01 or later.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-239566-1

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------