1772 matches found

CVE
added 2010/01/08 5:0 p.m. | 62 views

CVE-2010-0273

Affected product/versions: Sun Java System Web Server 7.0 Update 7 (and related disclosures mentioning 7.0 Update 6/7). Vulnerability/root cause: Remote attackers can overwrite heap memory and read memory contents by sending a malformed HTTP TRACE request containing a long URI and many empty head...

CVSS 7.5 | AI score 7.7 | EPSS 0.02024
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2010/01/08 5:0 p.m. | 19 views

CVE-2010-0273

Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as demonstrated by the vdsjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no...

AI score 7.5 | EPSS 0.02024
Exploits: 1 | References: 2
CVE
added 2010/01/08 5:0 p.m. | 55 views

CVE-2010-0272

CVE-2010-0272 is discussed across multiple sources as a Sun Java System Web Server 7.0–era issue. Connected Red Hat data ties CVE-2010-0360 to a heap-overflow condition caused by a malformed HTTP TRACE request that can overwrite and reveal memory contents, suggesting a related memory-overwrite vu...

CVSS 7.5 | AI score 7 | EPSS 0.0057
Exploits: 1 | References: 3 | Affected Software: 1
exploitpack
added 2010/01/06 12:0 a.m. | 21 views

Sun Java System Web Server 6.17.0 - TRACE Heap Buffer Overflow (PoC)

Sun Java System Web Server 6.17.0 - TRACE Heap Buffer Overflow PoC source: https://www.securityfocus.com/bid/37648/info Sun Java System Web Server is prone to a remote heap-based buffer-overflow vulnerability. Attackers can exploit this issue to crash the affected application or to obtain...

AI score 0.5
Exploits: 0
Exploit DB
added 2010/01/06 12:0 a.m. | 23 views

Sun Java System Web Server 6.1/7.0 - 'TRACE' Heap Buffer Overflow (PoC)

source: https://www.securityfocus.com/bid/37648/info Sun Java System Web Server is prone to a remote heap-based buffer-overflow vulnerability. Attackers can exploit this issue to crash the affected application or to obtain potentially sensitive information that may aid in further attacks. The...

AI score 7.4
Exploits: 0
OpenVAS
added 2010/01/04 12:0 a.m. | 21 views

Sun Java System DSEE Multiple Vulnerabilities - Windows

Sun Java System Directory Server Enterprise Edition DSEE is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 6.8 | AI score 6.4 | EPSS 0.01798
Exploits: 0 | References: 5
OpenVAS
added 2010/01/04 12:0 a.m. | 22 views

Sun Java System DSEE Multiple Vulnerabilities (Windows)

This host is running Sun Java System Directory Server Enterprise Edition DSEE and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodsunjavadirservermultvulnwin.nasl 5401 2017-02-23 09:46:07Z teissa $ Sun Java System DSEE Multiple Vulnerabilities Windows Authors: Sharath ...

CVSS 6.8 | AI score 0.1 | EPSS 0.01798
Exploits: 0 | References: 3
Packet Storm
added 2009/12/31 12:0 a.m. | 36 views

Sun Java JRE getSoundbank file:// URI Buffer Overflow

$Id: javagetsoundbankbof.rb 7903 2009-12-17 05:22:40Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

CVSS 9.3 | AI score 0.9 | EPSS 0.89244
Exploits: 11
Tenable Nessus
added 2009/12/30 12:0 a.m. | 25 views

Sun Java System Directory Proxy Server 6.x < 6.3.1.1 Multiple Vulnerabilities.

The remote host is running the Sun Java System Directory Proxy Server, an LDAP application-layer protocol gateway. It is typically provided with Sun Java System Directory Server Enterprise Edition. The installed version of Sun Java System Directory Proxy Server is older than 6.3.1.1 and thus...

CVSS 6.8 | AI score 5.6 | EPSS 0.01798
Exploits: 0 | References: 5
ThreatPost
added 2009/12/29 10:9 p.m. | 14 views

Sun Java

Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969. Su...

AI score 6.7
Exploits: 0
NVD
added 2009/12/28 7:30 p.m. | 14 views

CVE-2009-4441

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SO_KEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service (connection slot exhaustion) via multiple connections, aka Bug Id 6782659...

CVSS 5 | AI score 6.5 | EPSS 0.01798
Exploits: 0 | References: 6
NVD
added 2009/12/28 7:30 p.m. | 15 views

CVE-2009-4442

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service (connection slot exhaustion) by making multiple connections an...

CVSS 5 | AI score 6.5 | EPSS 0.01331
Exploits: 0 | References: 6
Prion
added 2009/12/28 7:30 p.m. | 10 views

Code injection

Unspecified vulnerability in the psearch (aka persistent search) functionality in Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service (psearch outage) by using a crafted psearch client to send request...

CVSS 4.3 | AI score 7.1 | EPSS 0.01483
Exploits: 0 | References: 6 | Affected Software: 1
Prion
added 2009/12/28 7:30 p.m. | 11 views

Directory traversal

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SO_KEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service (connection slot exhaustion) via multiple connections, aka Bug Id 6782659...

CVSS 5 | AI score 7 | EPSS 0.01798
Exploits: 0 | References: 6 | Affected Software: 1
Prion
added 2009/12/28 7:30 p.m. | 12 views

Code injection

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service (connection slot exhaustion) by making multiple connections an...

CVSS 5 | AI score 7.2 | EPSS 0.01331
Exploits: 0 | References: 6 | Affected Software: 1
Prion
added 2009/12/28 7:30 p.m. | 16 views

Design/Logic Flaw

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges o...

CVSS 6.8 | AI score 7 | EPSS 0.01144
Exploits: 0 | References: 6 | Affected Software: 1
NVD
added 2009/12/28 7:30 p.m. | 16 views

CVE-2009-4440

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges o...

CVSS 6.8 | AI score 6.4 | EPSS 0.01144
Exploits: 0 | References: 6
Cvelist
added 2009/12/28 7:0 p.m. | 16 views

CVE-2009-4443

Unspecified vulnerability in the psearch (aka persistent search) functionality in Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service (psearch outage) by using a crafted psearch client to send request...

AI score 6.4 | EPSS 0.01483
Exploits: 0 | References: 6
CVE
added 2009/12/28 7:0 p.m. | 47 views

CVE-2009-4441

CVE-2009-4441 affects Sun Java System Directory Proxy Server (DPS) 6.x prior to 6.3.1.1, bundled with Sun Java System Directory Server Enterprise Edition. The root cause is that DPS/DSEE fails to enable the SO_KEEPALIVE socket option, enabling remote attackers to cause a denial of service via con...

CVSS 5 | AI score 6.4 | EPSS 0.01798
Exploits: 0 | References: 6 | Affected Software: 1
Cvelist
added 2009/12/28 7:0 p.m. | 17 views

CVE-2009-4441

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SO_KEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service (connection slot exhaustion) via multiple connections, aka Bug Id 6782659...

AI score 6.4 | EPSS 0.01798
Exploits: 0 | References: 6