Java System Web Server Security Vulnerabilities and Issues — Java System Web Server CVE List

Lucene search

SunJava System Web Server

7 matches found

CVE•added 2010/01/20 4:30 p.m.•92 views

CVE-2010-0361

Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request.

10CVSS7.4AI score0.88394EPSS

CVE•added 2010/01/25 7:30 p.m.•53 views

CVE-2010-0387

Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header.

7.5CVSS7.5AI score0.08347EPSS

CVE•added 2010/01/08 5:30 p.m.•52 views

CVE-2010-0273

Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no acti...

7.5CVSS7.7AI score0.02024EPSS

CVE•added 2010/01/20 4:30 p.m.•50 views

CVE-2010-0360

Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap...

10CVSS6AI score0.02024EPSS

CVE•added 2010/01/08 5:30 p.m.•47 views

CVE-2010-0272

Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to discover process memory locations via crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no actionable information. Howe...

7.5CVSS7AI score0.0057EPSS

CVE•added 2010/01/25 7:30 p.m.•46 views

CVE-2010-0389

The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token.

5CVSS6.7AI score0.00444EPSS

CVE•added 2010/01/25 7:30 p.m.•37 views

CVE-2010-0388

Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaratio...

7.5CVSS7.2AI score0.01951EPSS