Format String Vulnerability in Sun Java System Web Server 7.0
CVE-2010-0388

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Web Server
Vendor: CVE Published:; 25 January 2010

Summary

A format string vulnerability exists in the WebDAV implementation of the Sun Java System Web Server 7.0 Update 6, allowing remote attackers to potentially crash the server daemon through specially crafted format string specifiers in the XML declaration of a PROPFIND request. This could lead to a denial of service, causing interruptions in service and affecting the overall stability of the web server. Remediation steps should be taken promptly to safeguard against this attack vector.

References

http://www.securityfocus.com/bid/37910

vdb-entryx_refsource_BID

http://intevydis.blogspot.com/2010/01/sun-java-system-web...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/55812

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jan 25, 2010
Vulnerability Reserved
Jan 25, 2010