Details of VAR-201001-0719

ID

VAR-201001-0719

CVE

CVE-2010-0360

TITLE

Sun Java System Web Server Vulnerable to overwriting the memory storage location of the heap area

Trust: 0.8

sources: JVNDB: JVNDB-2010-001074

DESCRIPTION

Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273. Sun Java System Web Server is a Java-based WEB server. There are no detailed vulnerability details available, but the mass canvas platform already provides tools for use. A heap overflow vulnerability in the HTTP TRACE feature of the Java System Web server that could allow a remote, non-privileged user to cause a Web server or Web proxy server to crash, resulting in a denial of service. These vulnerabilities can also result in unauthorized access to sensitive information. 1) A boundary error when processing the "OPTIONS" requests can be exploited to cause a stack-based buffer overflow via an overly long path name in the request. Successful exploitation allows execution of arbitrary code, but may require that DAV support is enabled. 2) An error in the processing of "TRACE" requests can be exploited to cause a heap-based buffer overflow and allows disclosing potentially sensitive information. Other versions may also be affected. SOLUTION: Restrict network access to the affected service. Filter malicious requests using the affected methods. PROVIDED AND/OR DISCOVERED BY: Reportedly modules for VulnDisco Pack. ORIGINAL ADVISORY: http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-webdav.html http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-trace.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.33

sources: NVD: CVE-2010-0360 // JVNDB: JVNDB-2010-001074 // CNVD: CNVD-2010-0031 // CNVD: CNVD-2010-0166 // BID: 79021 // BID: 37648 // PACKETSTORM: 85424

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 1.2

sources: CNVD: CNVD-2010-0031 // CNVD: CNVD-2010-0166

AFFECTED PRODUCTS

vendor:	sun	model:	java system web server	scope:	eq	version:	7.0	Trust: 1.9
vendor:	no	model:	-	scope:	-	version:	-	Trust: 1.2
vendor:	sun microsystems	model:	java system web server	scope:	eq	version:	7.0	Trust: 0.8
vendor:	sun	model:	java system web server update	scope:	eq	version:	7.07	Trust: 0.6
vendor:	sun	model:	java system web server sp4	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sun	model:	java system web server sp7	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sun	model:	java system web server sp2	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sun	model:	java system web proxy server	scope:	eq	version:	4.0.12	Trust: 0.3
vendor:	sun	model:	java system web server sp9	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sun	model:	java system web server update	scope:	eq	version:	7.03	Trust: 0.3
vendor:	sun	model:	java system web server sp11	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sun	model:	java system web proxy server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	sun	model:	java system web server sp3	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sun	model:	java system web server	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sun	model:	java system web server sp10	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sun	model:	java system web server sp6	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sun	model:	java system web server sp1	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sun	model:	java system web server sp8	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sun	model:	java system web server update	scope:	eq	version:	7.01	Trust: 0.3
vendor:	sun	model:	java system web server sp5	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sun	model:	java system web server update	scope:	eq	version:	7.06	Trust: 0.3
vendor:	sun	model:	java system web server update	scope:	eq	version:	7.02	Trust: 0.3
vendor:	sun	model:	java system web proxy server	scope:	eq	version:	4.0.5	Trust: 0.3

sources: CNVD: CNVD-2010-0031 // CNVD: CNVD-2010-0166 // BID: 79021 // BID: 37648 // JVNDB: JVNDB-2010-001074 // CNNVD: CNNVD-201001-204 // NVD: CVE-2010-0360

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-0360
value:	HIGH
Trust: 1.0
NVD:	CVE-2010-0360
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201001-204
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2010-0360
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-2010-0360
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

sources: JVNDB: JVNDB-2010-001074 // CNNVD: CNNVD-201001-204 // NVD: CVE-2010-0360

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2010-001074 // NVD: CVE-2010-0360

THREAT TYPE

network

Trust: 0.6

sources: BID: 79021 // BID: 37648

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201001-204

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001074

PATCH

title:	275850	url:	http://sunsolve.sun.com/search/document.do?assetkey=1-66-275850-1	Trust: 0.8
title:	Sun-Alert-6916389: Patch for Sun Java System Web Server HTTP TRACE Remote Heap Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/284	Trust: 0.6

sources: CNVD: CNVD-2010-0166 // JVNDB: JVNDB-2010-001074

EXTERNAL IDS

db:	NVD	id:	CVE-2010-0360	Trust: 3.3
db:	BID	id:	37648	Trust: 1.7
db:	VUPEN	id:	ADV-2010-0182	Trust: 0.8
db:	JVNDB	id:	JVNDB-2010-001074	Trust: 0.8
db:	SECUNIA	id:	38260	Trust: 0.7
db:	CNVD	id:	CNVD-2010-0031	Trust: 0.6
db:	CNVD	id:	CNVD-2010-0166	Trust: 0.6
db:	CNNVD	id:	CNNVD-201001-204	Trust: 0.6
db:	BID	id:	79021	Trust: 0.3
db:	PACKETSTORM	id:	85424	Trust: 0.1

sources: CNVD: CNVD-2010-0031 // CNVD: CNVD-2010-0166 // BID: 79021 // BID: 37648 // JVNDB: JVNDB-2010-001074 // PACKETSTORM: 85424 // CNNVD: CNNVD-201001-204 // NVD: CVE-2010-0360

REFERENCES

url:	http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-trace.html	Trust: 2.3
url:	http://intevydis.com/vd-list.shtml	Trust: 1.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0360	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0360	Trust: 0.8
url:	http://www.securityfocus.com/bid/37648	Trust: 0.8
url:	http://www.vupen.com/english/advisories/2010/0182	Trust: 0.8
url:	http://www.venustech.com.cn/newsinfo/124/5961.html	Trust: 0.6
url:	http://secunia.com/advisories/38260/http	Trust: 0.6
url:	http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html	Trust: 0.3
url:	http://wwws.sun.com/software/products/web_srvr/home_web_srvr.html	Trust: 0.3
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-66-275850-1	Trust: 0.3
url:	http://secunia.com/advisories/38260/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/blog/71/	Trust: 0.1
url:	http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-webdav.html	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

CREDITS

Unknown

Trust: 0.3

sources: BID: 79021

SOURCES

db:	CNVD	id:	CNVD-2010-0031
db:	CNVD	id:	CNVD-2010-0166
db:	BID	id:	79021
db:	BID	id:	37648
db:	JVNDB	id:	JVNDB-2010-001074
db:	PACKETSTORM	id:	85424
db:	CNNVD	id:	CNNVD-201001-204
db:	NVD	id:	CVE-2010-0360

LAST UPDATE DATE

2024-11-23T21:47:35.827000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-0031	date:	2010-01-07T00:00:00
db:	CNVD	id:	CNVD-2010-0166	date:	2010-01-27T00:00:00
db:	BID	id:	79021	date:	2010-01-20T00:00:00
db:	BID	id:	37648	date:	2010-01-25T19:41:00
db:	JVNDB	id:	JVNDB-2010-001074	date:	2010-02-23T00:00:00
db:	CNNVD	id:	CNNVD-201001-204	date:	2010-01-21T00:00:00
db:	NVD	id:	CVE-2010-0360	date:	2024-11-21T01:12:03.270

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2010-0031	date:	2010-01-07T00:00:00
db:	CNVD	id:	CNVD-2010-0166	date:	2010-01-27T00:00:00
db:	BID	id:	79021	date:	2010-01-20T00:00:00
db:	BID	id:	37648	date:	2010-01-06T00:00:00
db:	JVNDB	id:	JVNDB-2010-001074	date:	2010-02-23T00:00:00
db:	PACKETSTORM	id:	85424	date:	2010-01-20T14:46:37
db:	CNNVD	id:	CNNVD-201001-204	date:	2010-01-20T00:00:00
db:	NVD	id:	CVE-2010-0360	date:	2010-01-20T16:30:00.557