Sun Java System Web Server Exploits

For the past couple of weeks, and for at least a couple more, the Intevydis blog has been releasing a new 0-day exploit every day. Today’s exploit is of particular concern to me because it targets Sun Java System Web Server, and I administer several servers that run SJSWS.

TRACE is an HTTP method intended for debugging: you send a request using the TRACE method and the web server echoes your entire request back to you in the response body. Best practice is to disable this feature entirely on any production or internet-facing web server, because an attacker could potentially use TRACE to steal cookies and password information.

How?

Let’s say you log into Facebook. Someone gets your browser to run some JavaScript from within the Facebook domain that sends a TRACE request to the Facebook website. The server would echo back the request, including the cookie that identifies your session. An attacker could then replicate that cookie on their own computer and gain access to your Facebook account.

So if you’ve been paying attention to your web server’s security, you’re probably already safe against this exploit; if not, you need to learn how to disable TRACE for your web server. That link is for SJSWS folks like myself, but there are instructions on the internet for many other servers, such as Apache. So hit up your nearest search engine and get your server protected.
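To verify that TRACE really is off after you change your configuration, here is a small check I would run against my own servers. It is an added example, not code from the original post or from Sun; the `X-Trace-Probe` header name and the `probe` function are my own choices, and the two sample responses are constructed for offline testing.

```python
"""Defender-side check: does a web server still echo HTTP TRACE requests?"""
import http.client

# Marker header we send; if it comes back in the body, the server echoed us.
TRACE_HEADER = "X-Trace-Probe"


def trace_enabled(status, headers, body):
    """Classify a response to a TRACE request.

    A server with TRACE enabled answers 200 with Content-Type message/http
    and echoes the original request line and headers in the body. A hardened
    server typically answers 405 or 501, or returns a normal page instead.
    """
    if status != 200:
        return False
    ctype = headers.get("content-type", "").lower()
    text = body.decode("latin-1", errors="replace")
    echoed = text.startswith("TRACE ") and TRACE_HEADER.lower() in text.lower()
    return ctype.startswith("message/http") or echoed


def probe(host, port=80, path="/", timeout=5):
    """Send one TRACE request to a server you administer and report the result."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    conn.request("TRACE", path, headers={"Host": host, TRACE_HEADER: "check"})
    resp = conn.getresponse()
    body = resp.read()
    hdrs = {k.lower(): v for k, v in resp.getheaders()}
    conn.close()
    return trace_enabled(resp.status, hdrs, body)


# Constructed sample responses so the classifier can be exercised offline.
SAMPLE_ECHOED = (200, {"content-type": "message/http"},
                 b"TRACE / HTTP/1.1\r\nHost: example.test\r\n"
                 b"X-Trace-Probe: check\r\nCookie: session=abc\r\n\r\n")
SAMPLE_REFUSED = (405, {"allow": "GET, HEAD, POST"}, b"")
SAMPLE_PAGE = (200, {"content-type": "text/html"}, b"<html>ok</html>")


def check_samples():
    """Run the classifier over the constructed samples; True only if correct."""
    return (trace_enabled(*SAMPLE_ECHOED) is True
            and trace_enabled(*SAMPLE_REFUSED) is False
            and trace_enabled(*SAMPLE_PAGE) is False)


if __name__ == "__main__":
    print("classifier self-check:", check_samples())
```

Run `probe("your.server.example")` against a host you are responsible for; `True` means the server is still echoing TRACE requests and the configuration change has not taken effect.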
