Update Protection against Sun Java System Web Server Digest Authorization Buffer Overflow Vulnerability
| Check Point Reference: | CPAI-2010-037 |
| Date Published: | |
| Severity: | |
| Source: | SecurityFocus Bugtraq ID: 37896 |
| Protection Provided by: | Security Gateway |

Who is Vulnerable?
Sun Microsystems Java System Web Proxy Server 4.0 prior to SP13
Sun Microsystems Java System Web Server 6.1 prior to SP12
Sun Microsystems Java System Web Server 7.0 prior to Update Release 8

Vulnerability Description
A buffer overflow vulnerability has been reported in Sun Java System Web Server. Sun Microsystems' Java System Web Server is a high performance web server for medium to large business applications. A remote attacker may exploit this vulnerability to execute arbitrary code on a target server.

Update/Patch Available
Apply patches: Sun

Vulnerability Details
The vulnerability is due to insufficient boundary checks by the Sun Java Web Server when processing malformed HTTP requests. A remote attacker may trigger this vulnerability by sending a specially crafted HTTP request to a target server. Successful exploitation of this issue would allow the attacker to inject and execute arbitrary code on the affected server.

Protection Overview
This protection will detect and block malformed HTTP requests sent to the vulnerable server.
In order for the protection to be activated, update your Security Gateway/VPN-1 product to the latest IPS/SmartDefense update. For information on how to update IPS/SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.