Executive Summary

Summary
Title: Sun Alert 275850 Multiple security vulnerabilities in the HTTP TRACE, WebDAV and Digest Authentication Methods in the Sun Java System Web Server and Sun Java System Web Proxy Server
Information
Name: SUN-275850
First vendor Publication: 2010-02-04
Vendor: Sun
Last vendor Modification: 2010-02-04
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score: N/A
Attack Range: N/A
Cvss Impact Score: N/A
Attack Complexity: N/A
Cvss Exploit Score: N/A
Authentication: N/A

Detail

Product: Sun Java System Web Server 6.1, Sun Java System Web Server 7.0, Sun Java System Web Proxy Server 4.0,

The following security vulnerabilities have been reported in the Sun Java System Web Server and the Sun Java System Web Proxy Server.

BugIDs 6916389 and 6916390 describe buffer overflow and format string vulnerabilities in the WebDAV extensions to the Sun Java System Web Server. These issues may allow remote clients to trigger a Web Server crash, thus resulting in a Denial of Service (DoS) condition. These issues may also allow remote unauthorized users to gain elevated privileges, enabling them to access and modify sensitive files.

BugIDs 6916391 and 6917212 describe buffer overflow issues in the Digest Authentication methods in the Sun Java System Web Server and Sun Java System Web Proxy Server, which may allow remote unprivileged users to crash the Web Server or the Web Proxy Server, thus leading to a Denial of Service (DoS) condition. These issues may also lead to execution of arbitrary code with elevated privileges.

BugIDs 6916392 and 6917211 describe heap overflow issues in the HTTP TRACE functionality in the Sun Java System Web Server and Sun Java System Web Proxy Server, which may allow remote unprivileged users to crash the Web Server or the Web Proxy Server, thus leading to a Denial of Service (DoS) condition. These issues may also be exploited to gain unauthorized access to sensitive information.

Sun acknowledges, with thanks, Evgeny Legerov from Intevydis for discovering and reporting these issues.

State: Workaround
First released: 20-Jan-2010

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_275850_multiple_security

Alert History

Date                  Information
2015-10-30 00:21:37   Multiple Updates
2013-09-05 21:20:22   Multiple Updates