Sun

Java System Web Server

32 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2010-0389

Exploit
  • EPSS 0.44%
  • Published 25.01.2010 19:30:01
  • Last modified 11.04.2025 00:51:21

The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token.

7.5

CVE-2010-0388

Exploit
  • EPSS 1.95%
  • Published 25.01.2010 19:30:01
  • Last modified 11.04.2025 00:51:21

Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifier...

7.5

CVE-2010-0387

Exploit
  • EPSS 8.35%
  • Published 25.01.2010 19:30:01
  • Last modified 11.04.2025 00:51:21

Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string i...

10

CVE-2010-0361

Exploit
  • EPSS 88.39%
  • Published 20.01.2010 16:30:00
  • Last modified 11.04.2025 00:51:21

Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI i...

10

CVE-2010-0360

Exploit
  • EPSS 0.8%
  • Published 20.01.2010 16:30:00
  • Last modified 11.04.2025 00:51:21

Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, r...

7.5

CVE-2010-0273

Exploit
  • EPSS 2.02%
  • Published 08.01.2010 17:30:02
  • Last modified 09.04.2025 00:30:58

Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. ...

7.5

CVE-2010-0272

Exploit
  • EPSS 0.57%
  • Published 08.01.2010 17:30:02
  • Last modified 09.04.2025 00:30:58

Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to discover process memory locations via crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, t...

9.3

CVE-2009-3878

  • EPSS 0.43%
  • Published 05.11.2009 16:30:00
  • Last modified 09.04.2025 00:30:58

Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20091105, this disclosure has no actionable informati...

4.3

CVE-2009-2713

  • EPSS 0.42%
  • Published 07.08.2009 19:00:01
  • Last modified 09.04.2025 00:30:58

The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensi...

2.1

CVE-2009-2712

  • EPSS 0.06%
  • Published 07.08.2009 19:00:01
  • Last modified 09.04.2025 00:30:58

Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files.