Sun Java System Web Server Two Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 21 Jan 2010 4470 Views

RISK: Medium Risk

Medium Risk

Some vulnerabilities have been reported in Sun Java System Web Server, which can be exploited by malicious people to disclose sensitive information and potentially compromise a vulnerable system.

1. Due to a boundary error when processing the "OPTIONS" requests which can be exploited to cause a stack-based buffer overflow via an overly long path name in the request.Successful exploitation allows execution of arbitrary code, but may require that DAV support is enabled.

2. Due to an error in the processing of "TRACE" requests which can be exploited to cause a heap-based buffer overflow and allows disclosing potentially sensitive information.

Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Sun Java System Web Server 7.x

Solutions

There is no patch available for this vulnerability currently.

    Workaround:
  • Restrict network access to the affected service.
  • Filter malicious requests using the affected methods.

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

RealNetworks RealPlayer Multiple Code Execution Vulnerabilities

21 Jan 2010 4451 Views

Next

Microsoft Internet Explorer Multiple Vulnerabilities ( 22 January 2010 )

22 Jan 2010 4343 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY