CVE-2010-0360

CWE-20Improper Input Validation3 documents3 sources
Severity
10.0CRITICAL
EPSS
0.8%
top 25.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SUN Java System WEB Server
Timeline
PublishedJan 20
Latest updateMay 2

Description

Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-4q82-xq88-g8g4: Sun Java System Web Server (aka SJWS) 72022-05-02
CVEList
CVE-2010-0360: Sun Java System Web Server (aka SJWS) 72010-01-20
CVE-2010-0360 (CRITICAL CVSS 10) | Sun Java System Web Server (aka SJW | cvebase.io