Sun Java System Web Server WEBDAV Stack Buffer Overflow
TSL ID: FSC20100120-02
CVE ID(s): CVE-2010-0361
Severity: High
Description

A stack buffer overflow vulnerability has been reported in Sun Java System Web Server. This vulnerability could be exploited by remote unauthenticated attackers to cause execution of arbitrary code on a target system.

In an attack scenario where code execution is successful, the injected code will be executed within the security context of the target service. An unsuccessful exploit attempt may abnormally terminate the affected service.

The vendor, Sun, does not currently provide guidance for this reported vulnerability.

The discoverer has published an exploit for the vulnerability:

http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-webdav.html

Affected Products
  • Sun Microsystems Java System Web Server 7.0 update 7
CVSS Score Base 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C):
  • Access vector is NETWORK
  • Access complexity is LOW
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is COMPLETE
  • Impact of this vulnerability on data integrity is COMPLETE
  • Impact of this vulnerability on data availability is COMPLETE
Temporal 7.8 (E:POC/RL:OF/RC:C):
  • The exploitability level of this vulnerability is PROOF OF CONCEPT
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED