In a safety announcement, Sun Microsystems said that there is a security vulnerability in its Java software, which may make some servers running Java software easily attacked by hackers. This security announcement has been posted on the BugTraq security list. According to Sun, this security vulnerability can affect the 1.1 and 1.2 version of the 1.1 and 1.2 version of the Linux, Windows and Solaris operating systems. However, this security vulnerability does not affect Microsoft's IE browser and Navigator browser for web. Sun is pointed out in the security announcement that if you want to use this security vulnerability, an attacker must approve from the server and can run at least one Java instruction. SUN pointed out: "Since the default settings do not approve such requests, this security vulnerability can be used very small." Sun does not rule out such a possibility, that is, this security vulnerability may affect Java-based technology developed by other enterprises. . However, the company also pointed out that it has notified the Java licensed business and provides them with patch. Sun said that its new Java 2 platform has been patched this security vulnerability. However, this security vulnerability may also have an impact on the 1.1.6 and 1.1.7b version of Java developer tools. SUN recommends that users upgrade the Java runtime environment and Java developer tools as soon as possible (Sun suggests that users will upgrade their Java software to 1.2.2_006 or higher).
More detailed information about this security vulnerability can be found in the archive part of BuQtraq, address is: www.securityfocus.com.
