Update Protection against Sun Java System Web Server Digest Authorization Buffer Overflow
| Check Point Reference: | CPAI-2010-109 |
| Date Published: | |
| Severity: | |
| Source: | BugTraq ID: 37896 |
| Protection Provided by: | IPS-1 |

Who is Vulnerable?
Sun Microsystems Java System Web Proxy Server 4.0 prior to SP13
Sun Microsystems Java System Web Server 6.1 prior to SP12
Sun Microsystems Java System Web Server 7.0 prior to Update Release 8

Vulnerability Description
A buffer overflow vulnerability was reported in Sun Java System Web Server, a web server for medium to large business applications. The vulnerability is due to insufficient boundary checks when processing malformed HTTP requests. A remote unauthenticated attacker can leverage this vulnerability by sending a crafted HTTP request to a target server. Successful exploitation could lead to remote code execution.

Update/Patch Available
The vendor, Sun, has provided a patch.

Vulnerability Details
The vulnerability is due to a boundary error while parsing specially crafted headers in an HTTP PUT request. Remote unauthenticated attackers can exploit this vulnerability by sending a crafted HTTP PUT request, potentially leading to remote code execution.

Protection Overview
This protection will detect and block HTTP requests with too many Digest Authentication headers.
To configure the defense, select your product from the list below and follow the related protection steps.
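
The check described under Protection Overview can be reproduced for log review or a reverse-proxy filter. The following is an added example, not Check Point's IPS-1 logic: it counts Digest credential headers in a raw HTTP request and flags requests over a limit. The threshold, the inclusion of Proxy-Authorization, the function names and the sample requests are assumptions made for illustration.

```python
import re

# Assumed limit: the advisory does not state how many headers IPS-1 tolerates.
MAX_DIGEST_HEADERS = 1
# Assumption: both credential headers are checked (a proxy product is also listed).
CREDENTIAL_HEADERS = {"authorization", "proxy-authorization"}

def parse_head(raw: bytes):
    """Split a raw HTTP/1.x request into its request line and header fields."""
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0].decode("latin-1")
    lines = re.split(r"\r?\n", head)
    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and headers:
            # Folded continuation line: it belongs to the previous field.
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers

def inspect_request(raw: bytes) -> dict:
    """Count Digest credential headers and decide whether to block."""
    request_line, headers = parse_head(raw)
    digest = sum(
        1 for name, value in headers
        if name in CREDENTIAL_HEADERS and value.split(" ", 1)[0].lower() == "digest"
    )
    return {
        "method": request_line.split(" ", 1)[0],
        "digest_headers": digest,
        "block": digest > MAX_DIGEST_HEADERS,
    }

# Constructed sample requests (placeholder values, no real credentials).
DIGEST = b'Authorization: Digest username="u", realm="r", nonce="n", uri="/f", response="0"\r\n'
NORMAL = b"PUT /f HTTP/1.1\r\nHost: www.example.test\r\n" + DIGEST + b"Content-Length: 0\r\n\r\n"
REPEATED = (b"PUT /f HTTP/1.1\r\nHost: www.example.test\r\n" + DIGEST * 3
            + b"aUtHoRiZaTiOn:\tDIGEST\r\n username=\"u\"\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("normal", NORMAL), ("repeated", REPEATED)):
        print(label, inspect_request(req))
```

Header names are matched case-insensitively and folded continuation lines are joined before counting, so a request cannot slip past the count by varying the spelling or layout of the header.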