var-201001-0286
Vulnerability from variot
Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request. Sun Java System Web Server is a high-performance WEB server. The issue affects the WebDAV functionality. Currently very few technical details are available. We will update this BID as more information emerges. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201001-0286",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "java system web server",
"scope": "eq",
"trust": 1.6,
"vendor": "sun",
"version": "7.0"
},
{
"model": "java system web server",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7.0"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "java system web server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"model": "java system web server sp10",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"model": "java system web server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"model": "java system web server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"model": "java system web server sp9",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"model": "java system web server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"model": "java system web server sp11",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"model": "java system web server sp8",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"model": "java system web server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"model": "java system web server update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.03"
},
{
"model": "java system web server update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.07"
},
{
"model": "java system web server update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.06"
},
{
"model": "java system web server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"model": "java system web server update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.02"
},
{
"model": "java system web server update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.01"
},
{
"model": "java system web server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"model": "java system web server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0169"
},
{
"db": "BID",
"id": "37910"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001077"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-257"
},
{
"db": "NVD",
"id": "CVE-2010-0388"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:sun:java_system_web_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001077"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intevydis",
"sources": [
{
"db": "BID",
"id": "37910"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-257"
}
],
"trust": 0.9
},
"cve": "CVE-2010-0388",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2010-0388",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-0388",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2010-0388",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201001-257",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001077"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-257"
},
{
"db": "NVD",
"id": "CVE-2010-0388"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request. Sun Java System Web Server is a high-performance WEB server. The issue affects the WebDAV functionality. \nCurrently very few technical details are available. We will update this BID as more information emerges. \nAttackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-0388"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001077"
},
{
"db": "CNVD",
"id": "CNVD-2010-0169"
},
{
"db": "BID",
"id": "37910"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-0388",
"trust": 3.3
},
{
"db": "BID",
"id": "37910",
"trust": 2.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0182",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001077",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2010-0169",
"trust": 0.6
},
{
"db": "XF",
"id": "55812",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201001-257",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0169"
},
{
"db": "BID",
"id": "37910"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001077"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-257"
},
{
"db": "NVD",
"id": "CVE-2010-0388"
}
]
},
"id": "VAR-201001-0286",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0169"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0169"
}
]
},
"last_update_date": "2024-11-23T21:47:35.901000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "275850",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275850-1"
},
{
"title": "Sun-Alert-6916389: Sun Java System Web Server WebDAV Remote Format String Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/283"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0169"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001077"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-134",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001077"
},
{
"db": "NVD",
"id": "CVE-2010-0388"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/37910"
},
{
"trust": 1.9,
"url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-webdav.html"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55812"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0388"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0388"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2010/0182"
},
{
"trust": 0.6,
"url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-webdav.htmlhttp"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/55812"
},
{
"trust": 0.3,
"url": "http://wwws.sun.com/software/products/web_srvr/home_web_srvr.html"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275850-1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0169"
},
{
"db": "BID",
"id": "37910"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001077"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-257"
},
{
"db": "NVD",
"id": "CVE-2010-0388"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-0169"
},
{
"db": "BID",
"id": "37910"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001077"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-257"
},
{
"db": "NVD",
"id": "CVE-2010-0388"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-01-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-0169"
},
{
"date": "2010-01-22T00:00:00",
"db": "BID",
"id": "37910"
},
{
"date": "2010-02-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001077"
},
{
"date": "2010-01-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201001-257"
},
{
"date": "2010-01-25T19:30:01.807000",
"db": "NVD",
"id": "CVE-2010-0388"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-01-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-0169"
},
{
"date": "2015-04-13T21:03:00",
"db": "BID",
"id": "37910"
},
{
"date": "2010-02-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001077"
},
{
"date": "2010-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201001-257"
},
{
"date": "2024-11-21T01:12:06.850000",
"db": "NVD",
"id": "CVE-2010-0388"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201001-257"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sun Java System Web Server WebDAV Format String Vulnerability",
"sources": [
{
"db": "BID",
"id": "37910"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-257"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "format string",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201001-257"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…