
Sun Java System Web Server Two Vulnerabilities

Last Update Date: 28 Jan 2011
Release Date: 21 Jan 2010

RISK: Medium Risk

Some vulnerabilities have been reported in Sun Java System Web Server, which can be exploited by malicious people to disclose sensitive information and potentially compromise a vulnerable system.

1. A boundary error when processing "OPTIONS" requests can be exploited to cause a stack-based buffer overflow via an overly long path name in the request. Successful exploitation allows execution of arbitrary code, but may require that DAV support is enabled.

2. An error in the processing of "TRACE" requests can be exploited to cause a heap-based buffer overflow, which allows disclosure of potentially sensitive information.


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Sun Java System Web Server 7.x

Solutions

No patch is currently available for these vulnerabilities.

Workaround:
  • Restrict network access to the affected service.
  • Filter malicious requests using the affected methods.
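
One way to express the second workaround as a filtering rule and as a check over access logs, given here as an added example that is not part of the advisory. The function names, the 1024-byte limit (the advisory says only "overly long") and the sample log entries are assumptions constructed for illustration.

```python
import re

# Assumption: the advisory says only "overly long"; 1024 is an illustrative limit.
MAX_OPTIONS_TARGET = 1024

# Common Log Format: host ident user [time] "request" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(.*)" (?:\d{3}|-) (?:\d+|-)$')

def classify(request_line, max_target=MAX_OPTIONS_TARGET):
    """Return (verdict, reason) for one HTTP request line."""
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return ("review", "malformed request line")
    # upper() so that odd-case method names are matched conservatively
    method, target = parts[0].upper(), parts[1]
    if method == "TRACE":
        return ("block", "TRACE request")
    if method == "OPTIONS" and len(target) > max_target:
        return ("block", "OPTIONS target of %d bytes" % len(target))
    return ("allow", "")

def scan_log(lines):
    """Return [(client, verdict, reason)] for every entry that is not allowed."""
    findings = []
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            findings.append(("?", "review", "unparsed log line"))
            continue
        verdict, reason = classify(m.group(2))
        if verdict != "allow":
            findings.append((m.group(1), verdict, reason))
    return findings

# Constructed sample entries (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Jan/2010:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [21/Jan/2010:10:00:02 +0000] "OPTIONS /dav/docs/ HTTP/1.1" 200 0',
    '192.0.2.66 - - [21/Jan/2010:10:00:03 +0000] "TRACE / HTTP/1.1" 200 120',
    '192.0.2.66 - - [21/Jan/2010:10:00:04 +0000] "OPTIONS /' + "A" * 2000 + ' HTTP/1.1" 500 -',
]

if __name__ == "__main__":
    for client, verdict, reason in scan_log(SAMPLE_LOG):
        print(client, verdict, reason)
```

The same `classify` decision can sit in a reverse proxy in front of the server; ordinary short OPTIONS requests, which DAV clients rely on, still pass.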


Vulnerability Identifier

  • No CVE information is available
