CVSS: 7.5 | EPSS: 0% | CPEs: 7 | EXPL: 0

25 Feb 2010 — Multiple unspecified vulnerabilities in (1) ns-slapd and (2) slapd.exe in Sun Directory Server Enterprise Edition 7.0, Sun Java System Directory Server 5.2, and Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allow remote attackers to cause a denial of service (daemon crash) via a crafted LDAP search request. • http://sunsolve.sun.com/search/document.do?assetkey=1-21-143884-01-1

CVSS: 9.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

25 Jan 2010 — The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398. • http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1 • CWE-16: Configuration

CVSS: 9.8 | EPSS: 8% | CPEs: 1 | EXPL: 3

25 Jan 2010 — Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header. • https://www.exploit-db.com/exploits/33553 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.8 | EPSS: 2% | CPEs: 1 | EXPL: 3

25 Jan 2010 — Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request. • https://www.exploit-db.com/exploits/33560 • CWE-134: Use of Externally-Controlled Format String

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 1

25 Jan 2010 — The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token. • http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-admin.html

CVSS: 10.0 | EPSS: 88% | CPEs: 1 | EXPL: 4

20 Jan 2010 — Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request. • https://www.exploit-db.com/exploits/16314 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

20 Jan 2010 — Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273. • http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-trace.html • CWE-20: Improper Input Validation

CVSS: 9.8 | EPSS: 1% | CPEs: 5 | EXPL: 0

14 Jan 2010 — Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors. • http://osvdb.org/61658

CVSS: 7.5 | EPSS: 8% | CPEs: 1 | EXPL: 3

14 Jan 2010 — The core_get_proxyauth_dn function in ns-slapd in Sun Java System Directory Server Enterprise Edition 7.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted LDAP Search Request message. • https://www.exploit-db.com/exploits/33483

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 2

08 Jan 2010 — Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to discover process memory locations via crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. • http://intevydis.com/sjws_demo.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer