ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Desktop platforms Toolkit in association with http://ad.doubleclick.net/clk;205413468;14699245;m?http://adfarm.mediaplex.com/ad/ck/2397-58840-22058-14

Java security hole could put some servers at risk

Robert Lemos, ZDNet News ZDNet.co.uk

Published: 23 Feb 2001 10:59 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Sun Microsystems has revealed a security hole in several versions of a critical component of Java that could allow an attacker to run harmful programs on a victim's computer.

The vulnerability appears in versions of the Java Runtime Environment that Sun has released for servers running Windows, Linux and Sun's Solaris operating systems. However, the company asserts that the flaw doesn't affect the Java components included in Microsoft's Internet Explorer and Netscape's Navigator browsers.

Sun posted the bulletin to Bugtraq late Wednesday. Sun could not immediately be reached for comment.

The advisory stressed that, most likely, the flaw should affect only a few of the servers running Java."The circumstances necessary to exploit this vulnerability are relatively rare," the company said in the bulletin.

Specifically, a person must have already given Java the permission to execute at least one other command because permission to run commands is not given by default.

In a separate advisory, Hewlett-Packard warned customers as early as last week that several of its servers, including the HP9000, 700/800, and e3000, may have the vulnerable code and recommended that people upgrade their Java components.

Sun did not know whether the security flaw affected other companies' Java technology but has notified its licensees of the possibility, Sun said.

The problem affects various releases of versions 1.1 and 1.2 of the Java Runtime Environment. The company asks people to upgrade their Java software to version 1.2.2_006 or higher.

Sun's newest suite of Java components, known as Java 2, does not have the security hole, the company said.

Take me to ZDNet Enterprise

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read what others have said.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with Dell

Did you find this article useful?
33 out of 82 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Desktop platforms



Company/Topic Alerts

Create a new alert from the list below:









Related Jobs

Java / J2EE Developer - GAMING - LONDON - 25K - 40K

The role is to work with internal and external game teams in defining requirements for online features of game titles, designing technical solutions ...

Java Analyst Programmer. London - Finance / Trading Software

One of their products framework provides XML-based services through XML based services through Java components for developing real time, fault ...

Technical Services Analyst - Tier 1 Inv Banking - Contract

Responsible for: - Assessment of technical implications - 2nd / 3rd line support - Understand buy-side business - Design, develop, and test small ...

Featured Talkback

So if you upgrade to XP SP3 you can't uninstall Internet Explorer, I'm quite sure I'm having a Deja-vu feeling about MS preventing people from uninstalling Internet Explorer in other Windows products.

By: TheKLF99

Read full story:
Upgraders to XP SP3 warned over IE downgrades

Desktop Management Benchmarking

Test Your Desktop Management Systems

How good are your company's desktop management solutions? How do they compare with those of your peers?

Take two minutes to complete our new Desktop Management and Energy Consumption benchmark, and find out what issues your business needs to focus on.