Intrusion Prevention



It indicates a possible exploit of a remote command execution vulnerability in Sun Java web server, which allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag.

Affected Products

Sun Java Web Server 2.0
Sun Java Web Server 1.1.3


Execute arbitrary commands

Recommended Actions

Sun have released patch for this vulnerability.
Sun Java Web Server 1.1.3
* Sun JWS 1.1.3 Patch 3
Sun Java Web Server 2.0
* Sun JWS 2.0 Patch 3

CVE References