CVE-2010-0388

Sun Java System Web Server 7.0 Update 6 - Denial of Service via WebDAV PROPFIND Request Format String

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0388. PoCs published by Intevydis.

AI-analyzed exploit summary: The code is a partial proof-of-concept for a format-string vulnerability in Sun Java System Web Server's WebDAV functionality. It constructs a malicious HTTP PROPFIND request with a format-string payload in the XML encoding attribute, but lacks execution or exploitation details.

Description

Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request.

Exploits (1)

exploitdb · STUB · VERIFIED
by Intevydis · text · dos · multiple
https://www.exploit-db.com/exploits/33560

Classification: Stub 70%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: Sun Java System Web Server 7.0 without Update Release 8, Sun Java System Web Server 6.1 without Service Pack 12
No auth needed
Prerequisites: Network access to the target server · WebDAV enabled on the target server
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37910
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/55812

Scores

EPSS 0.0718
EPSS Percentile 93.5%

Details

CWE: CWE-134
Status: published
Products (1): sun/java_system_web_server 7.0 update_6
Published: Jan 25, 2010
Tracked Since: Feb 18, 2026