CVE-2010-0360

Exploit

EPSS 0.8%
Veröffentlicht 20.01.2010 16:30:00
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sun ≫ Java System Web Server Version7.0 Updateupdate_7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.8%	0.731

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://intevydis.com/vd-list.shtml

http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-trace.html

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2010-0360

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-0360

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-0360

EUVD