[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Informations about old Sun-java-System-Web-Server/7.0

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Informations about old Sun-java-System-Web-Server/7.0
From: Cédric Jeanneret <disclosure@xxxxxxxx>
Date: Thu, 15 Mar 2012 10:13:08 +0200

Hello list!

I recently discovered that a sensible state service is running the 
mentioned java web server (Sun-java-System-Web-Server/7.0).
After some quick wikipedia researches, I found out that it's quiet old 
(2009: opensourced by Sun; 2010: renamed by Oracle)..

Does any of you know about security holes, or, better, known bugs of 
this app ?

My aim is to point them, so that the state may consider to change it 
(for something up-to-date, or, better, real opensource)

I know that our dear Oracle loves to keep security holes/bugs secret, 
but hey, we're on Internet. Anything can be known ;). I just don't know 
where to search - google (and others) return the default webpage served 
by a LOT of servers (yeah, the "it works" thing)...

Thanks in advance!

C.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] Oracle Exadata Infiniband Switch default logins and world readable shadow file
Next by Date: Re: [Full-disclosure] [Security-news] SA-CONTRIB-2012-040 - CKEditor and FCKeditor - multiple XSS, arbitrary code execution
Previous by thread: Re: [Full-disclosure] Oracle Exadata Infiniband Switch default logins and world readable shadow file
Next by thread: [Full-disclosure] Earth to Facebook
Index(es):
- Date
- Thread