Logging Vulnerability in Sun ONE Application Server 7.0 for Windows
CVE-2003-0412

Currently unrated

Key Information:

Vendor: Oracle
Status: One Application Server
Vendor: CVE Published:; 30 June 2003

What is CVE-2003-0412?

The Sun ONE Application Server 7.0 for Windows 2000 and XP is affected by a vulnerability that fails to log the full URI of lengthy HTTP requests. This oversight can allow remote attackers to perpetrate malicious activities without detection, effectively hiding their actions from system administrators and security software.

References

http://www.spidynamics.com/sunone_alert.html

x_refsource_MISC

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2...

vendor-advisoryx_refsource_SUNALERT

http://www.ciac.org/ciac/bulletins/n-103.shtml

third-party-advisorygovernment-resourcex_refsource_CIAC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2003
Vulnerability Reserved
Jun 10, 2003

Oracle

What is CVE-2003-0412?

References

Timeline