Sun Java System Web Server 7.0 Update 2 Release Notes

Security

The following table lists the known issues in the security area of Web Server.

Table 11 Known Issues in Security

Problem ID 

Description 

6376901 

Limitation supporting basic and digest-based ACLs for resources in the same directory.

If the server uses digest and basic-based ACLs in different parts of their doc tree, attempting to use both simultaneously on different files or resources in the same directory is not possible. 

6431287 

TLS_ECDH_RSA_* require the server cert signed with RSA keys.

Cipher suites of the form TLS_ECDH_RSA_* requires server to have an ECC keypair with a cert signed using RSA keys. Note that this precludes using these cipher suites with self-signed certificates. This requirement is inherent to these cipher suites and is not a bug. The server should detect and warn about wrong configurations related to these cipher suites but currently it does not do so.

6611067 

Red Hat Enterprise Linux instance fails to start when the file system SELinux security is enabled.

Newer Linux distributions have new kernel security extensions enabled from the SELinux project. These extensions allow finer grained control over system security. However, SELinux also changes some default system behaviors, such as shared library loading that can be problematic to third-party programs. If you receive the error message “Cannot restore segment prot after reloc: Permission denied" when starting the Web Server Admin Server or instance, that means the system is SELinux enabled. 

Workaround

To overcome this failure: 

  1. Change the default security context for the libraries loaded by the Web Server by typing the following command:


    chcon -t texrel_shlib_t $WS_DIR/lib/*.so
  2. Disable SELinux by adding the following line to the /etc/sysconfig/selinux file.


    SELINUX=disabled

6602075 

Sun crypto 1000 with Web Server needs Solaris 10 patch 125465-02 (SPARC) and 125466-02 (x86).

Workaround

The required patch for the Solaris 10 platform (SPARC) is available here: 

http://sunsolve.central.sun.com/search/document.do?assetkey=1-21-125465-02-1

The required patch for the Solaris 10 platform (x86) is available here:  

http://sunsolve.central.sun.com/search/document.do?assetkey=1-21-125466