Signature Detail

HTTP: Sun Java Web Digest Buffer Overflow

This signature detects attempts to exploit a known vulnerability in Sun Java System Web Server. A successful attack can lead to arbitrary remote code execution within the context of the server.

Extended Description

Sun Java System Web Server is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. The issues affects the following: Sun Java System Web Server 7.0 without Update Release 8 Sun Java System Web Server 6.1 without Service Pack 12 Sun Java System Web Proxy Server 4.0 without Service pack 13

Affected Products

• Sun Java System Web Proxy Server 4.0
• Sun Java System Web Proxy Server 4.0.12
• Sun Java System Web Proxy Server 4.0.5
• Sun Java System Web Server 6.1
• Sun Java System Web Server 6.1.0 SP1
• Sun Java System Web Server 6.1.0 SP10
• Sun Java System Web Server 6.1.0 SP11
• Sun Java System Web Server 6.1.0 SP2
• Sun Java System Web Server 6.1.0 SP3
• Sun Java System Web Server 6.1.0 SP4
• Sun Java System Web Server 6.1.0 SP5
• Sun Java System Web Server 6.1.0 SP6
• Sun Java System Web Server 6.1.0 SP7
• Sun Java System Web Server 6.1.0 SP8
• Sun Java System Web Server 6.1.0 SP9
• Sun Java System Web Server 7.0 Update 1
• Sun Java System Web Server 7.0 Update 2
• Sun Java System Web Server 7.0 Update 3
• Sun Java System Web Server 7.0 Update 6
• Sun Java System Web Server 7.0 Update 7

References

• BugTraq: 37896
• CVE: CVE-2010-0387