1772 matches found
Null pointer dereference
The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token...
CVE-2010-0389
The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token...
CVE-2010-0389
CVE-2010-0389 affects Sun Java System Web Server 7.0 Update 6 (admin server). The vulnerability is a NULL pointer dereference in the admin server that can be triggered by an HTTP request missing a method token, leading to a denial of service (daemon crash). OpenVAS/OpenVAS-derived entries and Red...
CVE-2010-0387
Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header...
CVE-2010-0386
CVE-2010-0386 affects Sun Java System Application Server 7 and 7 2004Q2. The default config enables HTTP TRACE, enabling remote attackers to steal cookies and authentication credentials via cross-site tracing (XST); related to CVE-2004-2763 and CVE-2005-3398. The connected documents provide the v...
CVE-2010-0387
Summary: CVE-2010-0387 affects Sun Java System Web Server 7.0 Update 7 and is caused by multiple heap-based buffer overflows in webservd and the admin server. The issue can be triggered by a long value in the Authorization: Digest HTTP header, leading to a denial of service via daemon crash and p...
CVE-2010-0388
Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaratio...
CVE-2010-0386
The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398...
CVE-2010-0388
CVE-2010-0388 affects Sun Java System Web Server 7.0 Update 6 WebDAV/WEB service (webservd). The issue is a format string vulnerability in the XML declaration encoding attribute in PROPFIND requests within WebDAV, allowing remote attackers to trigger a daemon crash (DoS) and potentially other imp...
PT-2010-2169
The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398...
Sun Java System Web Server 7.0 Update 6 - admin Server Denial of Service
source: https://www.securityfocus.com/bid/37909/info Sun Java System Web Server is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitima...
Sun Java System Web Server 6.1/7.0 - WebDAV Format String
source: https://www.securityfocus.com/bid/37910/info Sun Java System Web Server is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input. The issue affects the WebDAV functionality. Currently very few technical details are available. We will update this...
Sun Java System Web Server 7.0 Update 6 - 'admin' Server Denial of Service
source: https://www.securityfocus.com/bid/37909/info Sun Java System Web Server is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Sun Java System Web Server 7.0 Update 6 is affected; other...
Sun Java System Web Server 6.1/7.0 - WebDAV Format String
source: https://www.securityfocus.com/bid/37910/info Sun Java System Web Server is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input. The issue affects the WebDAV functionality. Currently very...
Sun Java System Web Server 6.1/7.0 - Digest Authentication Remote Buffer Overflow
source: https://www.securityfocus.com/bid/37896/info Sun Java System Web Server is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data...
Sun Java System Web Server 6.1/7.0 - Digest Authentication Remote Buffer Overflow
source: https://www.securityfocus.com/bid/37896/info Sun Java System Web Server is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the...
Stack overflow
Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request...
CVE-2010-0360
Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap...
Design/Logic Flaw
Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap...
CVE-2010-0360
The Sun Java System Web Server 7.0 Update 7 contains a heap-based memory overflow in the HTTP TRACE path. Specifically, a malformed TRACE request with a long URI and many empty headers can cause heap corruption and expose memory contents, enabling remote attackers to overwrite and read heap memor...