Sign-up

ID

VAR-201001-0718


CVE

CVE-2010-0387


TITLE

Sun Java System Web Server Digest Authentication Remote Buffer Overflow Vulnerability

Trust: 0.9

sources: BID: 37896 // CNNVD: CNNVD-201001-271

DESCRIPTION

Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header. Sun Java System Web Server is a high-performance WEB server. Multiple heap overflow vulnerabilities exist in the webservd daemon and management server of the Java System Web Server. Sun Java System Web Server is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. 1) A boundary error when processing the "OPTIONS" requests can be exploited to cause a stack-based buffer overflow via an overly long path name in the request. Successful exploitation allows execution of arbitrary code, but may require that DAV support is enabled. 2) An error in the processing of "TRACE" requests can be exploited to cause a heap-based buffer overflow and allows disclosing potentially sensitive information. Other versions may also be affected. SOLUTION: Restrict network access to the affected service. Filter malicious requests using the affected methods. PROVIDED AND/OR DISCOVERED BY: Reportedly modules for VulnDisco Pack. ORIGINAL ADVISORY: http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-webdav.html http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-trace.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.52

sources: NVD: CVE-2010-0387 // JVNDB: JVNDB-2010-001076 // CNVD: CNVD-2010-0167 // BID: 37896 // PACKETSTORM: 85424

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-0167

AFFECTED PRODUCTS

vendor:sunmodel:java system web serverscope:eqversion:7.0

Trust: 1.6

vendor:sun microsystemsmodel:java system web serverscope:eqversion:7.0

Trust: 0.8

vendor:nomodel: - scope: - version: -

Trust: 0.6

vendor:sunmodel:java system web server sp9scope:eqversion:6.1

Trust: 0.3

vendor:sunmodel:java system web server sp8scope:eqversion:6.1

Trust: 0.3

vendor:sunmodel:java system web server sp7scope:eqversion:6.1

Trust: 0.3

vendor:sunmodel:java system web server sp6scope:eqversion:6.1

Trust: 0.3

vendor:sunmodel:java system web server sp5scope:eqversion:6.1

Trust: 0.3

vendor:sunmodel:java system web server sp4scope:eqversion:6.1

Trust: 0.3

vendor:sunmodel:java system web server sp3scope:eqversion:6.1

Trust: 0.3

vendor:sunmodel:java system web server sp2scope:eqversion:6.1

Trust: 0.3

vendor:sunmodel:java system web server sp11scope:eqversion:6.1

Trust: 0.3

vendor:sunmodel:java system web server sp10scope:eqversion:6.1

Trust: 0.3

vendor:sunmodel:java system web server sp1scope:eqversion:6.1

Trust: 0.3

vendor:sunmodel:java system web server updatescope:eqversion:7.07

Trust: 0.3

vendor:sunmodel:java system web server updatescope:eqversion:7.06

Trust: 0.3

vendor:sunmodel:java system web server updatescope:eqversion:7.03

Trust: 0.3

vendor:sunmodel:java system web server updatescope:eqversion:7.02

Trust: 0.3

vendor:sunmodel:java system web server updatescope:eqversion:7.01

Trust: 0.3

vendor:sunmodel:java system web serverscope:eqversion:6.1

Trust: 0.3

vendor:sunmodel:java system web proxy serverscope:eqversion:4.0.12

Trust: 0.3

vendor:sunmodel:java system web proxy serverscope:eqversion:4.0.5

Trust: 0.3

vendor:sunmodel:java system web proxy serverscope:eqversion:4.0

Trust: 0.3

sources: CNVD: CNVD-2010-0167 // BID: 37896 // JVNDB: JVNDB-2010-001076 // CNNVD: CNNVD-201001-271 // NVD: CVE-2010-0387

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-0387
value: HIGH

Trust: 1.0

NVD: CVE-2010-0387
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201001-271
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2010-0387
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2010-001076 // CNNVD: CNNVD-201001-271 // NVD: CVE-2010-0387

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2010-001076 // NVD: CVE-2010-0387

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201001-271

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201001-271

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-001076

PATCH
title:275850url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-275850-1
Trust: 0.8
title:Sun-Alert-6916389: Sun Java System Web Server Digest Authentication Remote Heap Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/285
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2010-0167 // 
            
            
            
            JVNDB: JVNDB-2010-001076

EXTERNAL IDS
db:NVDid:CVE-2010-0387
Trust: 3.3
db:BIDid:37896
Trust: 2.7
db:SECTRACKid:1023488
Trust: 1.6
db:SECUNIAid:38260
Trust: 0.9
db:VUPENid:ADV-2010-0182
Trust: 0.8
db:JVNDBid:JVNDB-2010-001076
Trust: 0.8
db:CNVDid:CNVD-2010-0167
Trust: 0.6
db:MLISTid:[DAILYDAVE] 20100120 SUN WEB SERVER DIGEST AUTH OVERFLOW
Trust: 0.6
db:XFid:55792
Trust: 0.6
db:CNNVDid:CNNVD-201001-271
Trust: 0.6
db:PACKETSTORMid:85424
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2010-0167 // 
            
            
            
            BID: 37896 // 
            
            
            
            JVNDB: JVNDB-2010-001076 // 
            
            
            
            PACKETSTORM: 85424 // 
            
            
            
            CNNVD: CNNVD-201001-271 // 
            
            
            
            NVD: CVE-2010-0387

REFERENCES
url:http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-digest.html
Trust: 2.5
url:http://www.securityfocus.com/bid/37896
Trust: 2.4
url:http://securitytracker.com/id?1023488
Trust: 1.6
url:http://lists.immunitysec.com/pipermail/dailydave/2010-january/006014.html
Trust: 1.6
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/55792
Trust: 1.0
url:http://secunia.com/advisories/38260/
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0387
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0387
Trust: 0.8
url:http://www.vupen.com/english/advisories/2010/0182
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/55792
Trust: 0.6
url:http://wwws.sun.com/software/products/web_srvr/home_web_srvr.html
Trust: 0.3
url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-275850-1
Trust: 0.3
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/blog/71/
Trust: 0.1
url:http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-webdav.html
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-trace.html
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2010-0167 // 
            
            
            
            BID: 37896 // 
            
            
            
            JVNDB: JVNDB-2010-001076 // 
            
            
            
            PACKETSTORM: 85424 // 
            
            
            
            CNNVD: CNNVD-201001-271 // 
            
            
            
            NVD: CVE-2010-0387

CREDITS
Intevydis
Trust: 0.9
sources:
            
            
            BID: 37896 // 
            
            
            
            CNNVD: CNNVD-201001-271

SOURCES
db:CNVDid:CNVD-2010-0167
db:BIDid:37896
db:JVNDBid:JVNDB-2010-001076
db:PACKETSTORMid:85424
db:CNNVDid:CNNVD-201001-271
db:NVDid:CVE-2010-0387

LAST UPDATE DATE
2024-11-23T21:47:35.934000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2010-0167date:2010-01-27T00:00:00
db:BIDid:37896date:2015-04-13T21:03:00
db:JVNDBid:JVNDB-2010-001076date:2010-02-23T00:00:00
db:CNNVDid:CNNVD-201001-271date:2010-01-26T00:00:00
db:NVDid:CVE-2010-0387date:2024-11-21T01:12:06.710

SOURCES RELEASE DATE
db:CNVDid:CNVD-2010-0167date:2010-01-27T00:00:00
db:BIDid:37896date:2010-01-21T00:00:00
db:JVNDBid:JVNDB-2010-001076date:2010-02-23T00:00:00
db:PACKETSTORMid:85424date:2010-01-20T14:46:37
db:CNNVDid:CNNVD-201001-271date:2010-01-25T00:00:00
db:NVDid:CVE-2010-0387date:2010-01-25T19:30:01.760