SUN » Java System Web Server : Security Vulnerabilities, CVEs, CVSS score >= 7
Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request.
Max CVSS
7.5
EPSS Score
91.30%
Published
2010-01-25
Updated
2017-08-17
Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header.
Max CVSS
7.5
EPSS Score
94.82%
Published
2010-01-25
Updated
2017-08-17
CVE-2010-0361
Public exploit
Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request.
Max CVSS
10.0
EPSS Score
95.11%
Published
2010-01-20
Updated
2011-04-28
Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273.
Max CVSS
10.0
EPSS Score
0.36%
Published
2010-01-20
Updated
2011-04-28
Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Max CVSS
7.5
EPSS Score
0.62%
Published
2010-01-08
Updated
2010-01-11
Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to discover process memory locations via crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Max CVSS
7.5
EPSS Score
0.86%
Published
2010-01-08
Updated
2017-08-17
Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Max CVSS
9.3
EPSS Score
0.31%
Published
2009-11-05
Updated
2017-08-17
CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
Max CVSS
7.5
EPSS Score
3.11%
Published
2007-08-07
Updated
2017-07-29
Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716.
Max CVSS
9.3
EPSS Score
1.27%
Published
2007-07-11
Updated
2018-10-15
Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to data", possibly involving a sample application.
Max CVSS
7.5
EPSS Score
1.89%
Published
2007-03-16
Updated
2017-07-29
The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag.
Max CVSS
10.0
EPSS Score
0.38%
Published
2000-11-14
Updated
2017-12-19
The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet.
Max CVSS
7.5
EPSS Score
0.26%
Published
2000-07-12
Updated
2008-09-10
12 vulnerabilities found