Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-0387

CWE-119 ā€” Buffer Overflow4 documents4 sources
Severity
7.5HIGH
EPSS
18.7%
top 4.72%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SUN Java System WEB Server
Timeline
PublishedJan 25
Latest updateMay 2

Description

Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

šŸ”“Vulnerability Details

2
GHSA
GHSA-43pq-r97m-pgc4: Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7ā†—2022-05-02
ā–¶
CVEList
CVE-2010-0387: Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7ā†—2010-01-25
ā–¶

šŸ’„Exploits & PoCs

1
Exploit-DB
Sun Java System Web Server 6.1/7.0 - Digest Authentication Remote Buffer Overflowā†—2010-01-21
ā–¶
CVE-2010-0387 (HIGH CVSS 7.5) | Multiple heap-based buffer overflow | cvebase.io