Vulnerabilities > SUN > Java System WEB Server > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-01-25 | CVE-2010-0388 | USE of Externally-Controlled Format String vulnerability in SUN Java System web Server 7.0 Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request. | 7.5 |
| 2010-01-25 | CVE-2010-0387 | Buffer Errors vulnerability in SUN Java System web Server 7.0 Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header. | 7.5 |
| 2010-01-08 | CVE-2010-0273 | Unspecified vulnerability in SUN Java System web Server 7.0 Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. | 7.5 |
| 2010-01-08 | CVE-2010-0272 | Buffer Errors vulnerability in SUN Java System web Server 7.0 Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to discover process memory locations via crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. | 7.5 |
| 2007-08-07 | CVE-2007-4164 | HTTP Redirect vulnerability in Sun Java System Web Server 6.1/7.0 CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. | 7.5 |
| 2007-03-16 | CVE-2007-1488 | Unauthorized Access vulnerability in SUN Java System web Server 6.0/6.1 Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to data", possibly involving a sample application. | 7.5 |
| 2000-07-12 | CVE-2000-0629 | Unspecified vulnerability in SUN Java System web Server 1.1.3/2.0 The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet. | 7.5 |