Sun Java System Web Server Digest Authorization Buffer Overflow
FSCID FSC20100201-11
CVEID(s)
Severity Critical
Description

A buffer overflow vulnerability exists in Sun Java System Web Server. The vulnerability is due to insufficient boundary checks when processing malformed HTTP requests. A remote unauthenticated attacker can leverage this vulnerability by sending a crafted HTTP request to a target server.

In an attack scenario where code execution is successful, the injected code is executed within the security context of the target service, which is usually SYSTEM.

Affected Products
  • Sun Microsystems Java System Web Proxy Server (4.0 prior to SP13)
  • Sun Microsystems Java System Web Server (6.1 prior to SP12, 7.0 prior to Update Release 8)
CVSS Score
Base:
  • Access vector is NETWORK
  • Access complexity is LOW
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is COMPLETE
  • Impact of this vulnerability on data integrity is COMPLETE
  • Impact of this vulnerability on data availability is COMPLETE
Temporal:
  • The exploitability level of this vulnerability is PROOF OF CONCEPT
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
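The metric list above can be turned into numeric CVSS v2 scores for triage. The following is an added example, not part of the original advisory: it parses the advisory's own bullet wording and applies the base and temporal equations and weights from the CVSS v2 specification. The names `ADVISORY`, `parse_metrics` and `scores` are hypothetical.

```python
import re

# Metric weights from the CVSS v2 specification, keyed by the wording the advisory uses.
CIA = {"NONE": 0.0, "PARTIAL": 0.275, "COMPLETE": 0.660}
WEIGHTS = {
    "AV": {"LOCAL": 0.395, "ADJACENT NETWORK": 0.646, "NETWORK": 1.0},
    "AC": {"HIGH": 0.35, "MEDIUM": 0.61, "LOW": 0.71},
    "Au": {"MULTIPLE": 0.45, "SINGLE": 0.56, "NONE": 0.704},
    "C": CIA, "I": CIA, "A": CIA,
    "E": {"UNPROVEN": 0.85, "PROOF OF CONCEPT": 0.90, "FUNCTIONAL": 0.95, "HIGH": 1.0},
    "RL": {"OFFICIAL FIX": 0.87, "TEMPORARY FIX": 0.90, "WORKAROUND": 0.95, "UNAVAILABLE": 1.0},
    "RC": {"UNCONFIRMED": 0.90, "UNCORROBORATED": 0.95, "CONFIRMED": 1.0},
}
# Phrase in each advisory bullet -> CVSS v2 metric abbreviation.
PHRASES = {
    "Access vector": "AV", "Access complexity": "AC",
    "Level of authentication required": "Au",
    "data confidentiality": "C", "data integrity": "I", "data availability": "A",
    "exploitability level": "E", "remediation level": "RL",
    "report confidence level": "RC",
}
# Metric lines copied from the advisory text above.
ADVISORY = """Access vector is NETWORK
Access complexity is LOW
Level of authentication required is NONE
Impact of this vulnerability on data confidentiality is COMPLETE
Impact of this vulnerability on data integrity is COMPLETE
Impact of this vulnerability on data availability is COMPLETE
The exploitability level of this vulnerability is PROOF OF CONCEPT
The remediation level of this vulnerability is OFFICIAL FIX
The report confidence level of this vulnerability is CONFIRMED"""

def parse_metrics(text):
    """Map each '<phrase> is <VALUE>' line to its metric; reject unknown values."""
    metrics = {}
    for line in text.splitlines():
        m = re.search(r"(.+?) is ([A-Z ]+)$", line.strip())
        for phrase, key in PHRASES.items():
            if m and phrase in m.group(1):
                if m.group(2) not in WEIGHTS[key]:
                    raise ValueError(f"unknown {key} value: {m.group(2)}")
                metrics[key] = m.group(2)
    return metrics

def scores(metrics):
    """Return (base, temporal); a missing temporal metric counts as Not Defined (1.0)."""
    w = {k: WEIGHTS[k][v] for k, v in metrics.items()}
    impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    base = round((0.6 * impact + 0.4 * exploitability - 1.5) * (1.176 if impact else 0), 1)
    temporal = round(base * w.get("E", 1.0) * w.get("RL", 1.0) * w.get("RC", 1.0), 1)
    return base, temporal
```

For the metrics listed in this advisory, `scores(parse_metrics(ADVISORY))` yields a base score of 10.0 and a temporal score of 7.8.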