• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Sun Java System Server XSLT Processing Remote Java Method Execution Vulnerability

Solution:
Sun has released an advisory along with fixes to address this issue. Please see the referenced advisory for more information.


Sun Java 2 Runtime Environment 5.0 Update 6

• Sun Java(TM) SE Runtime Environment 6 Update 2
  https://sdlc3d.sun.com/ECom/EComActionServlet;jsessionid=CBA5400D8AA57 809DF44CC8FD9124533

Sun Java 2 Standard Edition SDK 5.0 Update 7

• Sun Java(TM) SE Development Kit 6 Update 2
  https://sdlc6e.sun.com/ECom/EComActionServlet;jsessionid=D73E154087D0C 5851AB6C16902A9D960

Sun Java 2 Runtime Environment 5.0 Update 1

• Sun Java(TM) SE Runtime Environment 6 Update 2
  https://sdlc3d.sun.com/ECom/EComActionServlet;jsessionid=CBA5400D8AA57 809DF44CC8FD9124533

Sun Java 2 Runtime Environment 5.0 Update 3

• Sun Java(TM) SE Runtime Environment 6 Update 2
  https://sdlc3d.sun.com/ECom/EComActionServlet;jsessionid=CBA5400D8AA57 809DF44CC8FD9124533

Sun Java System Portal Server 7

• Sun 121913-15
  SPARC Platform
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -121913-15-1


• Sun 121914-15
  x86 Platform
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -121914-15-1


• Sun 121915-15
  Linux Platform
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -121915-15-1

Sun Java 2 Runtime Environment 5.0.Update 12

• Sun Java(TM) SE Runtime Environment 6 Update 2
  https://sdlc3d.sun.com/ECom/EComActionServlet;jsessionid=CBA5400D8AA57 809DF44CC8FD9124533

Sun Java 2 Runtime Environment 5.0 Update 2

• Sun Java(TM) SE Runtime Environment 6 Update 2
  https://sdlc3d.sun.com/ECom/EComActionServlet;jsessionid=CBA5400D8AA57 809DF44CC8FD9124533

Sun Java 2 Standard Edition SDK 6.0 Update 1

• Sun Java(TM) SE Development Kit 6 Update 2
  https://sdlc6e.sun.com/ECom/EComActionServlet;jsessionid=D73E154087D0C 5851AB6C16902A9D960

Sun Java 2 Standard Edition SDK 5.0 Update 3

• Sun Java(TM) SE Development Kit 6 Update 2
  https://sdlc6e.sun.com/ECom/EComActionServlet;jsessionid=D73E154087D0C 5851AB6C16902A9D960

Sun Java 2 Runtime Environment 5.0 Update 8

• Sun Java(TM) SE Runtime Environment 6 Update 2
  https://sdlc3d.sun.com/ECom/EComActionServlet;jsessionid=CBA5400D8AA57 809DF44CC8FD9124533

Sun Java 2 Standard Edition SDK 5.0 Update 2

• Sun Java(TM) SE Development Kit 6 Update 2
  https://sdlc6e.sun.com/ECom/EComActionServlet;jsessionid=D73E154087D0C 5851AB6C16902A9D960

Sun Java 2 Runtime Environment 5.0 Update 11

• Sun Java(TM) SE Runtime Environment 6 Update 2
  https://sdlc3d.sun.com/ECom/EComActionServlet;jsessionid=CBA5400D8AA57 809DF44CC8FD9124533

Sun Java 2 Runtime Environment 5.0 Update 7

• Sun Java(TM) SE Runtime Environment 6 Update 2
  https://sdlc3d.sun.com/ECom/EComActionServlet;jsessionid=CBA5400D8AA57 809DF44CC8FD9124533

Sun Java System Application Server Platform Edition 8.2

• Sun 124672-02
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -124672-02-1


• Sun 124673-02
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -124673-02-1


• Sun 124674-02
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -124674-02-1


• Sun 124680-01
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -124680-01-1


• Sun 124681-01
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -124681-01-1


• Sun 124682-01
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -124682-01-1

Sun Java System Application Server Platform Edition 9.0 Update 1

• Sun 124609-05
  Sparc
  http://sunsolve.sun.com/search/document.do?assetkey=1-21-124609-05-1

Sun Java 2 Standard Edition SDK 5.0 Update 6

• Sun Java(TM) SE Development Kit 6 Update 2
  https://sdlc6e.sun.com/ECom/EComActionServlet;jsessionid=D73E154087D0C 5851AB6C16902A9D960

BEA Systems JRockit R27.3.1

• BEA Systems jrockit-jdk1.6.0_01-linux_ia32.tar.gz
  ftp://anonymous:dev2dev%40bea.com@ftpna.bea.com/pub/releases/security/ jrockit-jdk1.6.0_01-linux_ia32.tar.gz


• BEA Systems jrockit-jdk1.6.0_01-linux_x86_64.tar.gz
  ftp://anonymous:dev2dev%40bea.com@ftpna.bea.com/pub/releases/security/ jrockit-jdk1.6.0_01-linux_x86_64.tar.gz


• BEA Systems jrockit-jdk1.6.0_01-windows_ia32.zip
  ftp://anonymous:dev2dev%40bea.com@ftpna.bea.com/pub/releases/security/ jrockit-jdk1.6.0_01-windows_ia32.zip


• BEA Systems jrockit-jdk1.6.0_01-windows_x86_64.zip
  ftp://anonymous:dev2dev%40bea.com@ftpna.bea.com/pub/releases/security/ jrockit-jdk1.6.0_01-windows_x86_64.zip

Sun Java 2 Standard Edition SDK 5.0 Update 5

• Sun Java(TM) SE Development Kit 6 Update 2
  https://sdlc6e.sun.com/ECom/EComActionServlet;jsessionid=D73E154087D0C 5851AB6C16902A9D960

Sun Java 2 Standard Edition SDK 5.0 Update 11

• Sun Java(TM) SE Development Kit 6 Update 2
  https://sdlc6e.sun.com/ECom/EComActionServlet;jsessionid=D73E154087D0C 5851AB6C16902A9D960

Sun Java 2 Standard Edition SDK 5.0

• Sun Java(TM) SE Development Kit 6 Update 2
  https://sdlc6e.sun.com/ECom/EComActionServlet;jsessionid=D73E154087D0C 5851AB6C16902A9D960

Sun Java 2 Standard Edition SDK 5.0 Update 1

• Sun Java(TM) SE Development Kit 6 Update 2
  https://sdlc6e.sun.com/ECom/EComActionServlet;jsessionid=D73E154087D0C 5851AB6C16902A9D960

Sun Java 2 Runtime Environment 5.0

• Sun Java(TM) SE Runtime Environment 6 Update 2
  https://sdlc3d.sun.com/ECom/EComActionServlet;jsessionid=CBA5400D8AA57 809DF44CC8FD9124533

Sun Java 2 Runtime Environment 5.0.Update 10

• Sun Java(TM) SE Runtime Environment 6 Update 2
  https://sdlc3d.sun.com/ECom/EComActionServlet;jsessionid=CBA5400D8AA57 809DF44CC8FD9124533

BEA Systems JRockit 6

• BEA Systems jrockit-jdk1.6.0_01-linux_ia32.tar.gz
  ftp://anonymous:dev2dev%40bea.com@ftpna.bea.com/pub/releases/security/ jrockit-jdk1.6.0_01-linux_ia32.tar.gz


• BEA Systems jrockit-jdk1.6.0_01-linux_x86_64.tar.gz
  ftp://anonymous:dev2dev%40bea.com@ftpna.bea.com/pub/releases/security/ jrockit-jdk1.6.0_01-linux_x86_64.tar.gz


• BEA Systems jrockit-jdk1.6.0_01-windows_ia32.zip
  ftp://anonymous:dev2dev%40bea.com@ftpna.bea.com/pub/releases/security/ jrockit-jdk1.6.0_01-windows_ia32.zip


• BEA Systems jrockit-jdk1.6.0_01-windows_x86_64.zip
  ftp://anonymous:dev2dev%40bea.com@ftpna.bea.com/pub/releases/security/ jrockit-jdk1.6.0_01-windows_x86_64.zip

Sun Java 2 Standard Edition SDK 5.0 Update 4

• Sun Java(TM) SE Development Kit 6 Update 2
  https://sdlc6e.sun.com/ECom/EComActionServlet;jsessionid=D73E154087D0C 5851AB6C16902A9D960

Sun Java 2 Standard Edition SDK 5.0 Update 8

• Sun Java(TM) SE Development Kit 6 Update 2
  https://sdlc6e.sun.com/ECom/EComActionServlet;jsessionid=D73E154087D0C 5851AB6C16902A9D960

Sun Java 2 Runtime Environment 5.0 Update 4

• Sun Java(TM) SE Runtime Environment 6 Update 2
  https://sdlc3d.sun.com/ECom/EComActionServlet;jsessionid=CBA5400D8AA57 809DF44CC8FD9124533

Sun Java 2 Standard Edition SDK 5.0 Update 9

• Sun Java(TM) SE Development Kit 6 Update 2
  https://sdlc6e.sun.com/ECom/EComActionServlet;jsessionid=D73E154087D0C 5851AB6C16902A9D960

Sun Java 2 Standard Edition SDK 5.0 Update 10

• Sun Java(TM) SE Development Kit 6 Update 2
  https://sdlc6e.sun.com/ECom/EComActionServlet;jsessionid=D73E154087D0C 5851AB6C16902A9D960

Sun Java System Application Server Platform Edition 9.0

• Sun 124610-05
  x86
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -124610-05-1


• Sun 124611-05
  linux
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -124611-05-1


• Sun 124612-05
  windows
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -124612-05-1

Sun Java System Application Server Enterprise Edition 8.2

• Sun 124672-02
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -124672-02-1


• Sun 124673-02
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -124673-02-1


• Sun 124674-02
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -124674-02-1


• Sun 124675-01
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -124675-01-1


• Sun 124676-01
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -124676-01-1


• Sun 124677-01
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -124677-01-1


• Sun 124678-01
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -124678-01-1


• Sun 124684-02
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -124684-02-1

Sun Java System Web Server 7.0

• Sun 124611-05
  windows
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -125441-06-1


• Sun 125437-07
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -125437-07-1


• Sun 125438-07
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -125438-07-1


• Sun 125439-07
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -125439-07-1


• Sun 125440-01
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -125440-01-1


• Sun 125440-01
  HU-UX
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -125440-01-1


• Sun 125440-07
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -125440-07-1


• Sun 125441-06
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -125441-06-1


• Sun 125441-07
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -125441-07-1


• Sun Sun Java System Web Server 7.0 Update 1
  http://www.sun.com/download/products.xml?id=467713d6

Sun Java 2 Standard Edition SDK 5.0 Update 12

• Sun Java(TM) SE Development Kit 6 Update 2
  https://sdlc6e.sun.com/ECom/EComActionServlet;jsessionid=D73E154087D0C 5851AB6C16902A9D960

Sun Java 2 Runtime Environment 6.0 Update 1

• Sun Java(TM) SE Runtime Environment 6 Update 2
  https://sdlc3d.sun.com/ECom/EComActionServlet;jsessionid=CBA5400D8AA57 809DF44CC8FD9124533

Sun Java 2 Runtime Environment 5.0 Update 5

• Sun Java(TM) SE Runtime Environment 6 Update 2
  https://sdlc3d.sun.com/ECom/EComActionServlet;jsessionid=CBA5400D8AA57 809DF44CC8FD9124533

Sun Java 2 Runtime Environment 5.0.Update 9

• Sun Java(TM) SE Runtime Environment 6 Update 2
  https://sdlc3d.sun.com/ECom/EComActionServlet;jsessionid=CBA5400D8AA57 809DF44CC8FD9124533