CVE-2010-0387

Sun Java System Web Server 7.0 Update 7 - Heap-Based Buffer Overflow via Long Digest Authorization Header

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0387. PoCs published by Intevydis.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in Sun Java System Web Server by sending a maliciously crafted HTTP PUT request with an overly long 'Authorization: Digest' header. The lack of boundary checks can lead to arbitrary code execution or denial-of-service.

Description

Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Intevydis · text · remote · multiple
https://www.exploit-db.com/exploits/33553

Classification: Working PoC (90%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Sun Java System Web Server 7.0 without Update Release 8, Sun Java System Web Server 6.1 without Service Pack 12, Sun Java System Web Proxy Server 4.0 without Service Pack 13
Authentication: No auth needed
Prerequisites: Network access to the target server · Target server running vulnerable version of Sun Java System Web Server
Analysis: devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/55792
Various Sources mailing-list x_refsource_mlist
http://lists.immunitysec.com/pipermail/dailydave/2010-January/006014.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023488
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37896

Scores

EPSS 0.0770
EPSS Percentile 93.8%

Details

CWE: CWE-119
Status: published
Products (1): sun/java_system_web_server 7.0 update_7
Published: Jan 25, 2010
Tracked Since: Feb 18, 2026