A buffer overflow vulnerability exists in Sun Java System Web Server. The vulnerability is due to insufficient boundary checks when processing malformed HTTP requests. A remote unauthenticated attack can leverage this vulnerability by sending a crafted HTTP request to a target server.

In an attack scenario where code execution is successful the injected code will be executed within the security context of the target service. An unsuccessful exploit attempt may abnormally terminate the affected service.

The vendor, Sun, has released an advisory for the vulnerability:

http://sunsolve.sun.com/search/document.do?assetkey=1-66-275850-1

• Sun Microsystems Java System Web Proxy Server 4.0 prior to SP13
• Sun Microsystems Java System Web Server 6.1 prior to SP12
• Sun Microsystems Java System Web Server 7.0 prior to Update Release 8

• Access vector is NETWORK
• Access complexity is LOW
• Level of authentication required is NONE
• Impact of this vulnerability on data confidentiality is COMPLETE
• Impact of this vulnerability on data integrity is COMPLETE
• Impact of this vulnerability on data availability is COMPLETE

• The exploitability level of this vulnerability is PROOF OF CONCEPT
• The remediation level of this vulnerability is OFFICIAL FIX
• The report confidence level of this vulnerability is CONFIRMED