CVE-2010-0387
Sun Java System Web Server 6.1/7.0 - Digest Authentication Remote Buffer Overflow
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header.
Multiples desbordamientos de búfer basado en memoria dinámica (heap) en el webservd y el admin server en Sun Java System Web Server v7.0 Update 7, permite a atacantes remotos provocar una denegación de servicio (caída de demonio) y posiblemente tener otro impacto a través de una cadena larga en la cabecera HTTP "Authorization: Digest".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-01-21 First Exploit
- 2010-01-25 CVE Reserved
- 2010-01-25 CVE Published
- 2024-07-25 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://lists.immunitysec.com/pipermail/dailydave/2010-January/006014.html | Mailing List | |
| http://securitytracker.com/id?1023488 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/55792 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/33553 | 2010-01-21 | |
| http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-digest.html | 2024-08-07 | |
| http://www.securityfocus.com/bid/37896 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sun Search vendor "Sun" | Java System Web Server Search vendor "Sun" for product "Java System Web Server" | 7.0 Search vendor "Sun" for product "Java System Web Server" and version "7.0" | update_7 |
Affected
| ||||||