Vulnerability Description
Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Java System Web Server | 7.0 |
Related Weaknesses (CWE)
References
- http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-trace.htmlExploit
- http://intevydis.com/vd-list.shtml
- http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-trace.htmlExploit
- http://intevydis.com/vd-list.shtml
FAQ
What is CVE-2010-0360?
CVE-2010-0360 is a vulnerability with a CVSS score of 10.0 (HIGH). Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request ...
How severe is CVE-2010-0360?
CVE-2010-0360 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0360?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Java System Web Server.