Executive Summary
Summary | |
---|---|
Title | Sun Alert 275850 Multiple security vulnerabilities in the HTTP TRACE, WebDAV and Digest Authentication Methods in the Sun Java System Web Server and Sun Java System Web Proxy Server |
Informations | |||
---|---|---|---|
Name | SUN-275850 | First vendor Publication | 2010-02-04 |
Vendor | Sun | Last vendor Modification | 2010-02-04 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | N/A | Attack Range | N/A |
Cvss Impact Score | N/A | Attack Complexity | N/A |
Cvss Expoit Score | N/A | Authentication | N/A |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Sun Java System Web Server 6.1, Sun Java System Web Server 7.0, Sun Java System Web Proxy Server 4.0, The following security vulnerabilities have been reported in the SunJava System Web Server and the Sun Java System Web Proxy Server. BugIDs 6916389 and 6916390 describe buffer overflow and format stringvulnerabilities in the WebDAV extensions to the Sun Java System WebServer. These issues may allow remote clients to trigger a WebServer crash, thus resulting in a Denial of Service (DoS) condition.These issues may also allow remote unauthorized users to gain elevatedprivileges, enabling them to access and modify sensitive files. BugIDs 6916391 and 6917212 describe buffer overflow issues in the DigestAuthentication methods in the Sun Java System Web Server and Sun JavaSystem Web Proxy Server, which may allow remote unprivileged users tocrash the Web Server or the Web Proxy Server, thus leading to a Denialof Service (DoS) condition. These issues may also lead to execution ofarbitrary code with elevated privileges. BugIDs 6916392 and 6917211 describe heap overflow issues in the HTTPTRACE functionality in the Sun Java System Web Server and Sun JavaSystem Web Proxy Server, which may allow remote unprivileged users tocrash the Web Server or the Web Proxy Server, thus leading to a Denialof Service (DoS) condition. These issues may also be exploited to gainunauthorized access to sensitive information. Sun acknowledges with thanks, Evgeny Legerov from Intevydis <www.intevydis.com> for discovering andreporting these issues. State: Workaround First released: 20-Jan-2010 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_275850_multiple_security |
Alert History
Date | Informations |
---|---|
2015-10-30 00:21:37 |
|
2013-09-05 21:20:22 |
|