Sun Java System Web Server Multiple Heap-based Buffer Overflow Vulnerabilities (Linux) Network Vulnerability

Summary

This host has Sun Java Web Server running which is prone to multiple Heap-based Buffer Overflow Vulnerabilities.

Impact

Successful exploitation lets the attackers to cause the application to crash or execute arbitrary code on the system by sending an overly long request in an 'Authorization: Digest' header. Impact Level: System/Application

Solution

Upgrade to Sun Java System Web Server version 7.0 update 8 or later. For updates refer to http://www.sun.com/

Insight

An error exists in in webservd and admin server that can be exploited to overflow a buffer and execute arbitrary code on the system or cause the server to crash via a long string in an 'Authorization: Digest' HTTP header.

Affected

Sun Java System Web Server version 7.0 update 7 on Linux.

References

http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-digest.html
http://securitytracker.com/alerts/2010/Jan/1023488.html
http://xforce.iss.net/xforce/xfdb/55792

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0387
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ACDSee FotoSlate PLP Multiple Buffer Overflow Vulnerabilities
AIMP ID3 Tag Buffer Overflow Vulnerability
Adobe Flash CS3 SWF Processing Buffer Overflow Vulnerabilities
Adobe Flash Player Buffer Overflow Vulnerability (Mac OS X)
Adobe Photoshop Multiple Buffer Overflow Vulnerabilities

Take action and discover your vulnerabilities