Multiple vulnerabilities have been identified in Sun Java System Web Server, which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable system. These issues are caused by buffer overflow errors when processing malformed "TRACE", "OPTIONS" or "WebDAV" requests, or overly long "Authorization: Digest" headers, which could be exploited by attackers to crash an affected server or execute arbitrary code.

Affected Products

Sun Java System Web Server version 7.0 Update 7 (7.0u7) and prior
Sun Java System Web Server version 6.1 Service Pack 11 and prior
Sun Java System Web Proxy Server version 4.0 Service pack 12 and prior

Solution

Upgrade to Sun Java System Web Server version 7.0 Release 8 or later, or version 6.1 Service Pack 12 or later :
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275850-1

References

http://www.vupen.com/english/advisories/2010/0182
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275850-1

Credits

Vulnerabilities reported by Intevydis.

Changelog

2010-01-21 : Initial release
2010-01-26 : Updated Solution

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.