Sun has released Java ASP Server 4.0.3 to address multiple vulnerabilities. These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the root user or the user running the Sun Java ASP server, obtain sensitive information, or bypass security restrictions.

US-CERT encourages users to review Sun Alert 238184 and upgrade to Java ASP Server 4.0.3 or apply the workarounds listed in the Sun Alert.

Read more: US-CERT Current Activity