7 matches found
CVE-2010-0361
CVE-2010-0361 affects Sun Java System Web Server (SJWS) 7.0 Update 7, specifically the WebDAV handler: a stack-based buffer overflow in the WebDAV implementation of webservd can be triggered by a long URI in an HTTP OPTIONS request. Public exploit code and reports indicate remote attacker can cau...
CVE-2010-0273
Affected product/versions: Sun Java System Web Server 7.0 Update 7 (and related disclosures mentioning 7.0 Update 6/7). Vulnerability/root cause: Remote attackers can overwrite heap memory and read memory contents by sending a malformed HTTP TRACE request containing a long URI and many empty head...
CVE-2010-0360
The Sun Java System Web Server 7.0 Update 7 contains a heap-based memory overflow in the HTTP TRACE path. Specifically, a malformed TRACE request with a long URI and many empty headers can cause heap corruption and expose memory contents, enabling remote attackers to overwrite and read heap memor...
CVE-2010-0387
Summary: CVE-2010-0387 affects Sun Java System Web Server 7.0 Update 7 and is caused by multiple heap-based buffer overflows in webservd and the admin server. The issue can be triggered by a long value in the Authorization: Digest HTTP header, leading to a denial of service via daemon crash and p...
CVE-2010-0272
CVE-2010-0272 is discussed across multiple sources as a Sun Java System Web Server 7.0–era issue. Connected Red Hat data ties CVE-2010-0360 to a heap-overflow condition caused by a malformed HTTP TRACE request that can overwrite and reveal memory contents, suggesting a related memory-overwrite vu...
CVE-2010-0389
CVE-2010-0389 affects Sun Java System Web Server 7.0 Update 6 (admin server). The vulnerability is a NULL pointer dereference in the admin server that can be triggered by an HTTP request missing a method token, leading to a denial of service (daemon crash). OpenVAS/OpenVAS-derived entries and Red...
CVE-2010-0388
CVE-2010-0388 affects Sun Java System Web Server 7.0 Update 6 WebDAV/WEB service (webservd). The issue is a format string vulnerability in the XML declaration encoding attribute in PROPFIND requests within WebDAV, allowing remote attackers to trigger a daemon crash (DoS) and potentially other imp...