Check Point Advisories

Update Protection against Sun Java System Web Server Digest Authorization Buffer Overflow

Check Point Reference: CPAI-2010-109
Date Published: 19 Feb 2010
Severity: Critical
Last Updated: Friday 01 January, 2010
Source: BugTraq ID: 37896
Protection Provided by:
Who is Vulnerable? Sun Microsystems Java System Web Proxy Server 4.0 prior to SP13
Sun Microsystems Java System Web Server 6.1 prior to SP12
Sun Microsystems Java System Web Server 7.0 prior to Update Release 8
Vulnerability Description: A buffer overflow vulnerability was reported in Sun Java System Web Server, a web server for medium to large business applications. The vulnerability is due to insufficient boundary checks when processing malformed HTTP requests. A remote unauthenticated attacker can leverage this vulnerability by sending a crafted HTTP request to a target server. Successful exploitation could lead to remote code execution.
Update/Patch Available: The vendor, Sun, has provided a patch.
Vulnerability Details: The vulnerability is due to a boundary error while parsing specially crafted headers in an HTTP PUT request. Remote unauthenticated attackers can exploit this vulnerability by sending a crafted HTTP PUT request, potentially leading to remote code execution.

Protection Overview
