---------------------------------------------------------------------- Secunia is pleased to announce the release of the annual Secunia report for 2008. Highlights from the 2008 report: * Vulnerability Research * Software Inspection Results * Secunia Research Highlights * Secunia Advisory Statistics Request the full 2008 Report here: http://secunia.com/advisories/try_vi/request_2008_report/ Stay Secure, Secunia ---------------------------------------------------------------------- TITLE: Sun Java System Delegated Administrator "HELP_PAGE" HTTP Response Splitting SECUNIA ADVISORY ID: SA34760 VERIFY ADVISORY: http://secunia.com/advisories/34760/ DESCRIPTION: A vulnerability has been reported in Sun Java System Delegated Administrator, which can be exploited by malicious people to conduct HTTP response splitting attacks. Input passed to the "HELP_PAGE" parameter in /da/DA/Login is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which are included in a response sent to the user. This allows arbitrary HTML and script code to be executed in a user's browser session in context of an affected site. The vulnerability is reported in Sun Java System Delegated Administrator version 6.2, 6.3, and 6.4 for the SPARC, x86, and Linux platform. SOLUTION: Update to Sun Java System Delegated Administrator version 6.4 and apply the patches. -- SPARC Platform -- Apply patch 121581-20 or later. -- x86 Platform -- Apply patch 121582-20 or later. -- Linux Platform -- Apply patch 121583-20 or later. PROVIDED AND/OR DISCOVERED BY: Core Security Technologies ORIGINAL ADVISORY: Sun #255928: http://sunsolve.sun.com/search/document.do?assetkey=1-26-255928-1 Core Security Technologies: http://www.coresecurity.com/content/sun-delegated-administrator ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------