Vulnerabilities > SUN
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-01-25 | CVE-2010-0388 | USE of Externally-Controlled Format String vulnerability in SUN Java System web Server 7.0 Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request. | 7.5 |
| 2010-01-25 | CVE-2010-0387 | Buffer Errors vulnerability in SUN Java System web Server 7.0 Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header. | 7.5 |
| 2010-01-25 | CVE-2010-0386 | Configuration vulnerability in SUN Java System Application Server 7.0 The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398. | 4.3 |
| 2010-01-20 | CVE-2010-0361 | Buffer Errors vulnerability in SUN Java System web Server 7.0 Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request. | 10.0 |
| 2010-01-20 | CVE-2010-0360 | Improper Input Validation vulnerability in SUN Java System web Server 7.0 Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273. | 10.0 |
| 2010-01-14 | CVE-2010-0313 | Denial of Service vulnerability in SUN Java System Directory Server 7.0 The core_get_proxyauth_dn function in ns-slapd in Sun Java System Directory Server Enterprise Edition 7.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted LDAP Search Request message. | 5.0 |
| 2010-01-14 | CVE-2010-0311 | Privilege Escalation vulnerability in SUN Java System Identity Server 8.1.0.5/8.1.0.6 Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors. | 6.8 |
| 2010-01-14 | CVE-2010-0310 | Permissions, Privileges, and Access Controls vulnerability in SUN Solaris 10.0 Trusted Extensions in Sun Solaris 10 allows local users to gain privileges via vectors related to omission of unspecified libraries from software updates. | 6.8 |
| 2010-01-13 | CVE-2010-0079 | Unspecified vulnerability in Oracle BEA Product Suite R27.6.5 Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
| 2010-01-08 | CVE-2010-0273 | Unspecified vulnerability in SUN Java System web Server 7.0 Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. | 7.5 |