Intrusion Prevention

Sun.Java.Web.Server.Admin.Servlet.Board.Access

Description

It indicates a possible exploit of a remote command execution vulnerability in Sun Java web server, which allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag.

Affected Products

Sun Java Web Server 2.0
Sun Java Web Server 1.1.3

Impact

Execute arbitrary commands

Recommended Actions

Sun have released patch for this vulnerability.
Sun Java Web Server 1.1.3
* Sun JWS 1.1.3 Patch 3
http://java.sun.com/products/java-server/jws113patch3.html
Sun Java Web Server 2.0
* Sun JWS 2.0 Patch 3
http://java.sun.com/products/java-server/jws20patch3.html

CVE References

CVE-2000-0812