CVE-2010-0388

SUN Java System Web Server - Format String Vulnerability

Title source: rule

Description

Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request.

Exploits (1)

exploitdb STUB VERIFIED

by Intevydis · textdosmultiple

https://www.exploit-db.com/exploits/33560

View Code ZIP pw:eip

References (3)

[Exploit] http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-webdav.html

[Exploit] http://www.securityfocus.com/bid/37910

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/55812

Scores

EPSS 0.0195

EPSS Percentile 83.3%

Classification

CWE

CWE-134

Status draft

Affected Products (1)

sun/java_system_web_server

Timeline

Published Jan 25, 2010

Tracked Since Feb 18, 2026