Vulnerability Description
Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Java System Web Server | 7.0 |
References
- http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-webdav.html (Exploit)
- http://www.securityfocus.com/bid/37910 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55812
FAQ
What is CVE-2010-0388?
CVE-2010-0388 is a vulnerability with a CVSS score of 7.5 (HIGH). Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have un...
How severe is CVE-2010-0388?
CVE-2010-0388 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-0388?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Java System Web Server.