Sun has released Java ASP Server 4.0.3 to address multiple vulnerabilities. These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the root user or the user running the Sun Java ASP Server, obtain sensitive information, or bypass security restrictions.
d-PIT encourages users to review Sun Alert 238184 and upgrade to Java ASP Server 4.0.3 or apply the workarounds listed in the Sun Alert.
Relevant URLs:
https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_SMI-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=SJASP-4.0.3-OTH-G-TP@CDS-CDS_SMI
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1