Sun Java System Web Server WEBDAV Stack Buffer Overflow
FSCID FSC20100120-02
CVEID(s)
Severity High
Description

A stack buffer overflow vulnerability exists in Sun Java System Web Server. The vulnerability is due to a boundary error when processing crafted WEBDAV requests. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed in the security context of the affected process.

In an attack scenario where arbitrary code is injected and executed on the target machine, the behaviour of the target depends on the logic of the malicious code. An unsuccessful exploit attempt may cause the affected service to terminate abnormally.

Affected Products
  • Sun Microsystems Java System Web Server (7.0 prior to 7.0 update 8)
CVSS Score Base:
  • Access vector is NETWORK
  • Access complexity is LOW
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is COMPLETE
  • Impact of this vulnerability on data integrity is COMPLETE
  • Impact of this vulnerability on data availability is COMPLETE
Temporal:
  • The exploitability level of this vulnerability is PROOF OF CONCEPT
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED