EIP-2026-103668

PRE-CVE

Sun Java System Web Server 6.1/7.0 - 'TRACE' Heap Buffer Overflow (PoC)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103668. PoCs published by Evgeny Legerov.

AI-analyzed exploit summary: This Python script exploits a heap-based buffer overflow in Sun Java System Web Server via a malformed TRACE request with an overly long path. The vulnerability allows remote attackers to crash the service or potentially execute arbitrary code.

Description

Sun Java System Web Server 6.1/7.0 - 'TRACE' Heap Buffer Overflow (PoC)

Exploits (1)

exploitdb WORKING POC VERIFIED
by Evgeny Legerov · python · dos · multiple
https://www.exploit-db.com/exploits/33472

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Sun Java System Web Server 7.0 prior to 7.0 Update 8, Sun Java System Web Server 6.1 prior to 6.1 Service Pack 12, Sun Java System Web Proxy Server 4.0 prior to 4.0 Service Pack 13
No auth needed
Prerequisites: Network access to the target server
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026