Patch-ID# 136986-03


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: java_es-5 multiple container support security
Synopsis: Sun Java Web Console 3.0.2_x86: Security fixes
Date: Jun/25/2009


Install Requirements: NA

Solaris Release: 8_x86

SunOS Release: 5.8_x86

Unbundled Product: Sun Java Web Console

Unbundled Release: 3.0.2

Xref: This patch is available for Solaris SPARC as 136987, 125950, 125952, for Solaris x86 as 136986, 125951, 125953, for RHEL3.0, RHEL4.0 as 125954, for Windows Unbundled as 127534, Windows bundled with JES as 125955

Topic:

Relevant Architectures: x86

Bugs fixed with this patch:

Sun CR # Bug #
650509615367304
661407415429013
673178315498162
676355815517758


Changes incorporated in this version: 6763558

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/share/webconsole/lib/SMIWebCommon.jar
/usr/share/webconsole/lib/cc.jar
/usr/share/webconsole/private/container/server/webapps/manager/WEB-INF/lib/console_manager.jar
/usr/share/webconsole/private/lib/console_admin.jar
/usr/share/webconsole/private/lib/console_config.jar
/usr/share/webconsole/private/lib/console_manager.jar
/usr/share/webconsole/private/templates/tomcat/consolelogin_conf.tpl
/usr/share/webconsole/webapps/console/WEB-INF/lib/SMIWebConsole.jar
/usr/share/webconsole/webapps/console/com_sun_web_ui/help/helpwindow.jsp
/usr/share/webconsole/webapps/console/com_sun_web_ui/help/masthead.jsp
/usr/share/webconsole/webapps/console/html/en/console_version.shtml
/usr/lib/webconsole/libwebconsole_services.so

Problem Description:

6763558 cross-site scripting (XSS) vulnerability reported in two Sun Java Web Console help jsp scripts
 
(from 136986_02)
6731783 /console/faces/jsp/login/BeginLogin.jsp (redirect_url takes arbitrary urls)
 
(from 136986_01)
6614074 adminverifier needs to bracket its privileges
6505096 Security vulnerability in Sun Java Web Console


Patch Installation Instructions:
-------------------------------- 
For Solaris 8 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/136986-03
 
The following example removes a patch from a standalone system:
 
       example# patchrm 136986-03
 
For additional examples please see the appropriate man pages.


Special Install Instructions:
-----------------------------


README -- Last modified date: Saturday, November 10, 2012