Heap Memory Vulnerability in Sun Java System Web Server by Sun Microsystems
CVE-2010-0360

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Web Server
Vendor: CVE Published:; 20 January 2010

Summary

The Sun Java System Web Server version 7.0 Update 7 exposes a vulnerability that enables remote attackers to overwriting memory locations within the heap. By sending a malformed HTTP TRACE request containing a lengthy URI and multiple empty headers, potential risks include unauthorized memory discovery and manipulation. This issue highlights the need for robust server configurations and ongoing security assessments to mitigate risks associated with web server vulnerabilities.

References

http://intevydis.blogspot.com/2010/01/sun-java-system-web...

x_refsource_MISC

http://intevydis.com/vd-list.shtml

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jan 20, 2010