Denial of Service : Sun Java System Web Server Denial of Service Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800161

Categoría: Denial of Service

Título: Sun Java System Web Server Denial of Service Vulnerability - Windows

Resumen: Sun Java Web Server is prone to a denial of service (DoS) vulnerability.

Descripción: Summary:
Sun Java Web Server is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
- Format string vulnerability in the WebDAV implementation in webservd that
can be exploited to cause denial of service via format string specifiers
in the encoding attribute of the XML declaration in a PROPFIND request.

- An unspecified error in admin server that can be exploited to cause
denial of service via an HTTP request that lacks a method token.

Vulnerability Impact:
Successful exploitation lets the attackers to cause a denial of service
via HTTP request that lacks a method token or format string specifiers
in PROPFIND request.

Affected Software/OS:
Sun Java System Web Server version 7.0 update 6 on Windows.
Sun Java System Web Server version 7.0 update 7 on Windows.

Solution:
No known solution was made available for at least one year
since the disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective
features, remove the product or replace the product by another one.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0388
BugTraq ID: 37910
http://www.securityfocus.com/bid/37910
http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-webdav.html
XForce ISS Database: jsws-webdav-format-string(55812)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55812
Common Vulnerability Exposure (CVE) ID: CVE-2010-0389
http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-admin.html

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800161
Categoría:	Denial of Service
Título:	Sun Java System Web Server Denial of Service Vulnerability - Windows
Resumen:	Sun Java Web Server is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: Sun Java Web Server is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: - Format string vulnerability in the WebDAV implementation in webservd that can be exploited to cause denial of service via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request. - An unspecified error in admin server that can be exploited to cause denial of service via an HTTP request that lacks a method token. Vulnerability Impact: Successful exploitation lets the attackers to cause a denial of service via HTTP request that lacks a method token or format string specifiers in PROPFIND request. Affected Software/OS: Sun Java System Web Server version 7.0 update 6 on Windows. Sun Java System Web Server version 7.0 update 7 on Windows. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0388 BugTraq ID: 37910 http://www.securityfocus.com/bid/37910 http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-webdav.html XForce ISS Database: jsws-webdav-format-string(55812) https://exchange.xforce.ibmcloud.com/vulnerabilities/55812 Common Vulnerability Exposure (CVE) ID: CVE-2010-0389 http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-admin.html
Copyright	Copyright (C) 2010 Greenbone AG