Sun Java System Web Proxy Server fails to properly process malformed packets

Overview A vulnerability in the way Sun Java System Web Proxy Server processes malformed packets may allow execution of arbitrary code. Description SOCKS is a network protocol that provides a framework that allows client-server applications to securely use network firewall services. A vulnerabili...

Sun Java System Web Proxy sockd buffer overflow

Added: 05/30/2007 CVE: CVE-2007-2881 BID: 24165 OSVDB: 35841 Background The Sun Java System Web Proxy Server formerly Sun ONE Web Proxy Server provides content filtering and caching capabilities. It is a companion product to the Sun Java System Web Server. Problem A buffer overflow vulnerability ...

Sun Java System Web Proxy sockd buffer overflow

Added: 05/30/2007 CVE: CVE-2007-2881 BID: 24165 OSVDB: 35841 Background The Sun Java System Web Proxy Server formerly Sun ONE Web Proxy Server provides content filtering and caching capabilities. It is a companion product to the Sun Java System Web Server. Problem A buffer overflow vulnerability ...

Sun Java System Web Proxy sockd buffer overflow

Added: 05/30/2007 CVE: CVE-2007-2881 BID: 24165 OSVDB: 35841 Background The Sun Java System Web Proxy Server formerly Sun ONE Web Proxy Server provides content filtering and caching capabilities. It is a companion product to the Sun Java System Web Server. Problem A buffer overflow vulnerability ...

Sun Java System Web Proxy sockd buffer overflow

Added: 05/30/2007 CVE: CVE-2007-2881 BID: 24165 OSVDB: 35841 Background The Sun Java System Web Proxy Server formerly Sun ONE Web Proxy Server provides content filtering and caching capabilities. It is a companion product to the Sun Java System Web Server. Problem A buffer overflow vulnerability ...

CVE-2007-2466

Unspecified vulnerability in the LDAP Software Development Kit SDK for C, as used in Sun Java System Directory Server 5.2 up to Patch 4 and Sun ONE Directory Server 5.1, allows remote attackers to cause a denial of service crash via certain BER encodings...

CVE-2007-2466

CVE-2007-2466 affects the LDAP Software Development Kit (SDK) for C used in Sun Java System Directory Server 5.2 (up to Patch 4) and Sun ONE Directory Server 5.1. The vulnerability is described as unspecified but enables remote attackers to cause a denial of service (crash) via certain BER encodi...

Solaris 10 (x86) : 122794-36 (deprecated)

Sun Java System Communications Express 6.3-23.01x86: core patch. Date this patch was last updated by Sun : Jun/25/12 This plugin has been deprecated and either replaced with individual 122794 patch-revision plugins, or deemed non-security related. %NASLMINLEVEL 70300 C Tenable Network Security,...

Solaris 10 (sparc) : 122793-36 (deprecated)

Sun Java System Communications Express 6.3-23.01: core patch. Date this patch was last updated by Sun : Jun/25/12 This plugin has been deprecated and either replaced with individual 122793 patch-revision plugins, or deemed non-security related. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

Solaris 9 (sparc) : 122793-36

Sun Java System Communications Express 6.3-23.01: core patch. Date this patch was last updated by Sun : Jun/25/12 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...

Sun Java System Directory Server未初始化指针远程内存破坏漏洞

Sun Java System Directory Server是一款由Sun公司开发的LDAP服务器。 Sun Java System Directory Server存在设计错误，远程攻击者可以利用漏洞对服务程序进行拒绝服务攻击。 问题存在于针对部分失败查询类型的清理代码中，可导致服务器调用free，并从未初始化内存中获取地址，非法内存的引用可导致拒绝服务攻击。 Sun Java System Directory Server 5.2 可参考如下补丁程序： http://sunsolve.sun.com/search/document.do?assetkey=1-26-102853-...

CVE-2006-4175

The CVE-2006-4175 issue affects Sun Java System Directory Server and ONE Directory Server (ns-slapd) versions 5.2 Patch4 and earlier, and 5.1/5.2 for ONE. Affected component: LDAP server; root cause: malformed BER queries in the BER decoding/cleanup path lead to a free of uninitialized memory. Im...

CVE-2006-4175

The LDAP server ns-slapd in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service crash via malformed queries, probably malformed BER queries, which trigger a free of uninitialized memory locations...

iDefense Security Advisory 03.23.07: Sun Java System Directory Server 5.2 Uninitialized Pointer Cleanup Design Error Vulnerability

Sun Java System Directory Server 5.2 Uninitialized Pointer Cleanup Design Error Vulnerability iDefense Security Advisory 03.23.07 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 23, 2007 I. BACKGROUND Sun Java System Directory Server is an LDAP server distributed by Sun with multiple...

CVE-2007-1526

CVE-2007-1526 affects Sun Java System Web Server 6.1 prior to 20070314. The flaw allows remote authenticated users with revoked client certificates to bypass CRL checks and access secure web server instances running under a different admin account via unspecified vectors. Remediation in the conne...

Code injection

Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to data", possibly involving a sample application...

CVE-2007-1488

Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to data", possibly involving a sample application...

CVE-2007-1488

Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to data", possibly involving a sample application...

Sun Java System Web Server证书撤销访问控制绕过漏洞

Sun Java系统应用和WEB服务器都是与J2EE平台兼容的应用服务器。 Sun Java System Web Server中的安全漏洞可能允许本地或远程用户获取对某些Web服务器例程的授权访问。 如果通过管理服务器创建了安全的Web服务器例程做为非root例程且将改管理服务器配置为以root用户权限运行的话，则这个漏洞可能允许拥有已撤销客户端证书的用户在某些条件下访问Web服务器例程，即使该例程已经安装了有效的证书撤销列表（CRL）文件。 仅在满足以下两个条件下这个漏洞才会影响主机： 1 包含有满足某些标准的证书撤销列表（CRL） 2...

Heap overflow

Integer underflow in the SSLv2 support in Mozilla Network Security Services NSS before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to...