Buffer Overflow Vulnerability in Sun Java System Web Server

vendor:

Sun Java System Web Server

by:

Unknown

7.5

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: Sun Java System Web Server

Affected Version From: Sun Java System Web Server 7.0 without Update Release 8

Affected Version To: Sun Java System Web Proxy Server 4.0 without Service pack 13

Patch Exists: NO

Related CWE: Unknown

CPE: a:oracle:sun_java_system_web_server

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

Buffer Overflow Vulnerability in Sun Java System Web Server

The Sun Java System Web Server is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Mitigation:

Unknown

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/37896/info

Sun Java System Web Server is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

The issues affects the following:

Sun Java System Web Server 7.0 without Update Release 8
Sun Java System Web Server 6.1 without Service Pack 12
Sun Java System Web Proxy Server 4.0 without Service pack 13 

buf = "PUT / HTTP/1.0\n"
buf += "Authorization: Digest "
buf += "ABCD,"*1000
buf += "\n\n"