Sun Java System Web Proxy Server Two Vulnerabilities (Linux) Network Vulnerability

Summary

This host has Sun Java Web Proxy Server running, which is prone to heap buffer overflow vulnerability.

Impact

Successful exploitation could allow execution of arbitrary code in the context of the server, and failed attacks may cause denial-of-service condition. Impact Level: Application

Solution

Update to version 4.0.8 or apply patches. http://www.sun.com/software/products/web_proxy/get_it.jsp NOTE: Ignore this message if patch is applied already.

Insight

The flaw exist due to a boundary error in the FTP subsystem and in processing HTTP headers. This issue resides within the code responsible for handling HTTP GET requests.

Affected

Sun Java System Web Proxy Server versions prior to 4.0.8 on all running platform.

References

http://secunia.com/advisories/32227
http://web.nvd.nist.gov/view/vuln/detail?execution=e3s1
http://www.frsirt.com/english/advisories/2008/2781
http://xforce.iss.net/xforce/xfdb/45782

Updated on 2017-03-28

Severity

Classification

CVE CVE-2008-4541
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Alleycode HTML Editor Buffer Overflow Vulnerabilities
Adobe Flash Player Buffer Overflow Vulnerability (Linux)
DATAC RealWin SCADA Server On_FC_CONNECT_FCS_a_FILE Buffer Overflow Vulnerability
DesignWorks Professional '.cct' File BOF Vulnerability
Apple iTunes 'itms:' URI Stack Buffer Overflow Vulnerability

Take action and discover your vulnerabilities