---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Sun Multiple Products XML Parsing Denial of Service SECUNIA ADVISORY ID: SA37754 VERIFY ADVISORY: http://secunia.com/advisories/37754/ DESCRIPTION: A vulnerability has been reported in Sun Java System Application Server and Sun GlassFish Enterprise Server, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #9 in: SA36159 The vulnerability is reported in Sun GlassFish Enterprise Server version 2.1 and Sun Java System Application Server version 8.0, 8.1, and 8.2 on SPARC, x86, Linux, and Windows platforms. SOLUTION: Apply patches. -- SPARC Platform -- Sun GlassFish Enterprise Server v2.1 with HADB - Package Based: Apply patch 128640-13 (for customers with a valid support contract) or 141709-02 (for customers without a valid support contract), or later. Sun GlassFish Enterprise Server v2.1 with HADB: Apply patch 128643-13 (for customers with a valid support contract) or 141700-02 (for customers without a valid support contract), or later. Sun Java System Application Server 8.1: Apply patch 119166-39 (Enterprise Edition package based) or 119169-32 (Enterprise Edition file based), or later. Sun Java System Application Server 8.2: Apply patch 124672-13 (Enterprise Edition package based) or 124675-12 (Enterprise Edition file based), or later. -- x86 Platform -- Sun GlassFish Enterprise Server v2.1 with HADB - Package Based: Apply patch 128641-13 (for customers with a valid support contract) or 141710-02 (for customers without a valid support contract), or later. Sun GlassFish Enterprise Server v2.1 with HADB: Apply patch 128644-13 (for customers with a valid support contract) or 141701-02 (for customers without a valid support contract), or later. Sun Java System Application Server 8.1: Apply patch 119167-39 (Enterprise Edition package based) or 119170-32 (Enterprise Edition file based), or later. Sun Java System Application Server 8.2: Apply patch 124673-13 (Enterprise Edition package based) or 124676-12 (Enterprise Edition file based), or later. -- Linux -- Sun GlassFish Enterprise Server v2.1 with HADB - Package Based: Apply patch 128642-13 (for customers with a valid support contract) or 141711-02 (for customers without a valid support contract), or later. Sun GlassFish Enterprise Server v2.1 with HADB: Apply patch 128645-13 (for customers with a valid support contract) or 141702-02 (for customers without a valid support contract), or later. Sun Java System Application Server 8.1: Apply patch 119168-39 (Enterprise Edition package based) or 119171-32 (Enterprise Edition file based), or later. Sun Java System Application Server 8.2: Apply patch 124674-13 (Enterprise Edition package based) or 124677-12 (Enterprise Edition file based), or later. -- Windows -- Sun GlassFish Enterprise Server v2.1 with HADB: Apply patch 128646-13 (for customers with a valid support contract) or 141703-02 (for customers without a valid support contract), or later. Sun Java System Application Server 8.1: Apply patch 122848-24 (Enterprise Edition package based) or 119172-32 (Enterprise Edition file based), or later. Sun Java System Application Server 8.2: Apply patch 124684-14 (Enterprise Edition package based) or 124678-12 (Enterprise Edition file based), or later. ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1 OTHER REFERENCES: SA36159: http://secunia.com/advisories/36159/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------