Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-0388

CWE-134Uncontrolled Format String4 documents4 sources
Severity
7.5HIGH
EPSS
2.0%
top 16.54%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SUN Java System WEB Server
Timeline
PublishedJan 25
Latest updateMay 2

Description

Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-jccc-47h3-6r27: Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 72022-05-02
CVEList
CVE-2010-0388: Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 72010-01-25

💥Exploits & PoCs

1
Exploit-DB
Sun Java System Web Server 6.1/7.0 - WebDAV Format String2010-01-22
CVE-2010-0388 (HIGH CVSS 7.5) | Format string vulnerability in the | cvebase.io