[SingCERT] Sun Java System Web Server Two Vulnerabilities

[ Summary ]

Some vulnerabilities have been reported in Sun Java System Web Server, which can be exploited by malicious people to disclose sensitive information and potentially compromise a vulnerable system.

1) A boundary error when processing the "OPTIONS" requests can be exploited to cause a stack-based buffer overflow via an overly long path name in the request. Successful exploitation allows execution of arbitrary code, but may require that DAV support is enabled. 2) An error in the processing of "TRACE" requests can be exploited to cause a heap-based buffer overflow and allows disclosing potentially sensitive information.

[ Affected Systems ]

• Sun Java System Web Server 7.x

[ Solution/Workaround ]

There are currently no patches. Mitigating strategies include:

• Restrict network access to the affected service.
• Filter malicious requests using the affected methods.

[ Reference ]

• http://intevydis.blogspot.com/2010/01...va-system-web-server-70u7-webdav.html
• http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-trace.html