HTTP admin interface flaw found in Sun directory server

Versions of Sun's Java System Directory Server are vulnerable to an unspecified error in the HTTP admin interface that could expose data to unauthorized users.

A newly discovered flaw in Sun Microsystems Inc.'s LDAP-based directory server could allow unauthorized users to tamper with the system and execute arbitrary commands.

According to an advisory published Friday by the French Security Incident Response Team (FrSIRT) and confirmed by Danish security-monitoring Web site Secunia, Sun's Java System Directory Server version 5.2, including patch 3 and prior patches, is vulnerable to an unspecified error in the HTTP admin interface, which improperly handles specially crafted requests.

FrSIRT writes that, as a result, it is possible for remote attackers to use such requests to gain unauthorized access to a susceptible system and perform malicious actions.

Secunia has classified the problem as moderately critical. It was reportedly exposed by Peter Winter-Smith of UK-based vulnerability assessment firm NGS Software Ltd.

Affected users can eradicate the vulnerability by upgrading to System Directory Server 5.2 patch 4.

According to Sun, the Java System Directory Server is the most widely deployed general-purpose directory server based on Lightweight Directory Access Protocol, with more than 1.5 billion entries. Used by enterprises to manage large volumes of user information, it is a software component of Sun's Java Identity Management Suite, the vendor's toolset for managing and securing network identity data.
