The Sun Java web server is a web application server software that allows developers to build and deploy web applications. This vulnerability allows remote attackers to execute arbitrary commands on the server by uploading Java code to the administration module and invoking a specific servlet.
You're affected if you use Sun Java Web Server version 6 or earlier, specifically:
Check with: find / -name "sun-web-server-*.jar" 2>/dev/null
or in Solaris: find /usr/lib/sun-java5-bin -name sun-web-server.jar
Note: This CVE is specific to Sun Java Web Server and not related to other products or versions.
Immediate mitigations:
- Restrict network access to your Sun Java web server instance (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized token creation
Concrete steps:
- Upgrade to a later version of Sun Java Web Server, such as 7 or 8.
- Apply the patch: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/197&type=0&nav=sec.sba