CVSS: 9.8EPSS: 8%CPEs: 1EXPL: 3CVE-2010-0387 – Sun Java System Web Server 6.1/7.0 - Digest Authentication Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-0387
25 Jan 2010 — Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header. Multiples desbordamientos de búfer basado en memoria dinámica (heap) en el webservd y el admin server en Sun Java System Web Server v7.0 Update 7, permite a atacantes remotos provocar una denegación de servicio (caída de... • https://www.exploit-db.com/exploits/33553 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 3CVE-2010-0388 – Sun Java System Web Server 6.1/7.0 - WebDAV Format String
https://notcve.org/view.php?id=CVE-2010-0388
25 Jan 2010 — Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request. Vulnerabilidad de formato de cadena en la implementación de WebDAV en webservd en Sun Java System Web Server v7.0 Update 6, permite a atacantes remotos provocar una denegación de servicio ... • https://www.exploit-db.com/exploits/33560 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2010-0389
https://notcve.org/view.php?id=CVE-2010-0389
25 Jan 2010 — The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token. El admin server en Sun Java System Web Server v7.0 Update 6, permite a atacantes remotos provocar una denegación de servicio (deferencia a puntero NULL y caída de demonio) a través de una petición HTTP al que le falta el método "token". • http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-admin.html •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2010-0360
https://notcve.org/view.php?id=CVE-2010-0360
20 Jan 2010 — Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273. Sun Java System Web Server (también conocido como SJWS) 7.0 actualización 7 permite a atacantes remotos sobrescribir localizaciones de memoria en la pila, y descubrir lo contenido... • http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-trace.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 88%CPEs: 1EXPL: 4CVE-2010-0361 – Sun Java Web Server - System WebDAV OPTIONS Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-0361
20 Jan 2010 — Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request. Desbordamiento de búfer basado en pila en la implementación WebDAV en webservd en Sun Java System Web Server (tambien conocido como SJWS) 7.0 actualización 7 permite a atacantes remotos producir una denegación de servicio (caída de dem... • https://www.exploit-db.com/exploits/16314 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2010-0272
https://notcve.org/view.php?id=CVE-2010-0272
08 Jan 2010 — Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to discover process memory locations via crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Desbordamiento de búfer basado en memoria dinámica en Sun Java System Web Server v7.0... • http://intevydis.com/sjws_demo.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 2CVE-2010-0273
https://notcve.org/view.php?id=CVE-2010-0273
08 Jan 2010 — Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Vulnerabilidad sin especificar en Sun Java System Web Server ... • http://intevydis.com/sjws_demo.html •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2009-3878
https://notcve.org/view.php?id=CVE-2009-3878
05 Nov 2009 — Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Desbordamiento de búfer en Sun Java System Web Server v7.0 Update 6 con impacto no especificado y vectores de ataque remot... • http://intevydis.com/vd-list.shtml • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0CVE-2009-2712
https://notcve.org/view.php?id=CVE-2009-2712
07 Aug 2009 — Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files. Sun Java System Access Manager v6.3 2005Q1, v7.0 2005Q4, y v7.1; y OpenSSO Enterprise v8.0; cuando AMConfig.properties permite a la marca de depuración, permite a los usuarios locales descubrir contraseñas en texto claro mediante la lectura de archivos de depuración. • http://osvdb.org/56815 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2009-2713
https://notcve.org/view.php?id=CVE-2009-2713
07 Aug 2009 — The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors. El componente CDCServlet en Sun Java System Access Manager v7.0 2005Q4 y v7.1, cuando Cross Domain Single Sign On (CDSSO) está habilitado, no garantiza que "policy advice" (aviso de políticas) se presenta al cliente corr... • http://secunia.com/advisories/36167 •