---------------------------------------------------------------------- Accurate Vulnerability Scanning No more false positives, no more false negatives http://secunia.com/vulnerability_scanning/ ---------------------------------------------------------------------- TITLE: Sun Java System Products TLS Session Renegotiation Plaintext Injection SECUNIA ADVISORY ID: SA38020 VERIFY ADVISORY: http://secunia.com/advisories/38020/ DESCRIPTION: A vulnerability has been reported in Sun Java System products, which can be exploited by malicious people to manipulate certain data. For more information: SA37291 SOLUTION: Apply patches. -- SPARC Platform -- Sun Java System Web Server 7.0: Apply update 7 or later. Sun Java System Web Proxy Server Server: Update to version 4.0.13 or later Sun GlassFish Enterprise Server v2.1.1 with HADB - Package Based: Apply patch 128640-15 or later (for customers with valid support contract). Sun GlassFish Enterprise Server v2.1.1 with HADB: Apply patch 128643-15 or later (for customers with valid support contract) or 141700-03 or later (for customers without valid support contract). -- x86 Platform -- Sun Java System Web Server 7.0: Apply update 7 or later. Sun Java System Web Proxy Server: Update to version 4.0.13 or later. Sun GlassFish Enterprise Server v2.1.1 with HADB - Package Based: Apply patch 128641-15 or later (for customers with valid support contract). Sun GlassFish Enterprise Server v2.1.1 with HADB: Apply patch 128644-15 or later (for customers with valid support contract) or 141701-03 or later (for customers without valid support contract). -- Linux -- Sun Java System Web Server 7.0: Apply update 7 or later. Sun Java System Web Proxy Server: Update to version 4.0.13 or later. Sun GlassFish Enterprise Server v2.1.1 with HADB - Package Based: Apply patch 128642-15 or later (for customers with valid support contract). Sun GlassFish Enterprise Server v2.1.1 with HADB: Apply patch 128645-15 or later (for customers with valid support contract) or 141702-03 or later (for customers without valid support contract). -- HP-UX -- Sun Java System Web Server 7.0: Apply update 7 or later. Sun Java System Web Proxy Server: Update to version 4.0.13 or later. -- Windows -- Sun Java System Web Server 7.0: Apply update 7 or later. Sun Java System Web Proxy Server: Update to version 4.0.13 or later. Sun GlassFish Enterprise Server v2.1.1 with HADB: Apply patch 128646-15 or later (for customers with valid support contract) or 141703-03 or later (for customers without valid support contract). A final resolution is reportedly pending completion. PROVIDED AND/OR DISCOVERED BY: The vendor credits Marsh Ray and Steve Dispensa of PhoneFactor. ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1 OTHER REFERENCES: SA37291: http://secunia.com/advisories/37291/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------