
HTTP admin interface flaw found in Sun directory server

Versions of Sun's Java System Directory Server are vulnerable to an unspecified error in the HTTP admin interface that could expose data to unauthorized users.

A newly discovered flaw in Sun Microsystems Inc.'s LDAP-based directory server could allow unauthorized users to tamper with the system and execute arbitrary commands.

According to an advisory published Friday by the French Security Incident Response Team (FrSIRT) and confirmed by Danish security monitoring Web site Secunia, Sun's Java System Directory Server version 5.2, including patch 3 and prior patches, is vulnerable to an unspecified error in the HTTP admin interface that improperly handles uniquely crafted requests.

FrSIRT writes that, as a result, it is possible for remote attackers to use such requests to gain unauthorized access to a susceptible system and perform malicious actions.

Secunia has classified the problem as moderately critical. It was reportedly exposed by Peter Winter-Smith of UK-based vulnerability assessment firm NGS Software Ltd.

Affected users can eradicate the vulnerability by upgrading to System Directory Server 5.2 patch 4.

According to Sun, the Java System Directory Server is the most widely deployed general-purpose directory server based on Lightweight Directory Access Protocol, with more than 1.5 billion entries. Used by enterprises to manage large volumes of user information, it is a software component of Sun's Java Identity Management Suite, the vendor's toolset for managing and securing network identity data.
