Lucene search

MitreCVE-2010-0360

HistoryJan 20, 2010 - 4:30 p.m.

CVE-2010-0360

2010-01-2016:30:00

CWE-20

mitre

web.nvd.nist.gov

cve-2010-0360

sun java system web server

sjws

remote attackers

heap overflow

http trace request

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.009

Percentile

83.1%

JSON

Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an “overflow.” NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273.

Affected configurations

Nvd

Node

sunjava_system_web_serverMatch7.0update_7

VendorProductVersionCPE
sunjava_system_web_server7.0cpe:2.3:a:sun:java_system_web_server:7.0:update_7:*:*:*:*:*:*

Vendor	Product	Version	CPE
sun	java_system_web_server	7.0	cpe:2.3:a:sun:java_system_web_server:7.0:update_7::::::

References

intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-trace.html

intevydis.com/vd-list.shtml

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.009

Percentile

83.1%

JSON

Related for CVE-2010-0360