Sun Java System Application Server SOAP Request Denial of Service

Mar 16, 2004 12:51AM PST

Moderately critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
Sun Java System Application Server (Sun ONE) 7.x

DESCRIPTION:
Amit Klein has discovered a vulnerability in Sun Java System
Application Server, which can be exploited by malicious people to
cause a DoS (Denial-of-Service).

The vulnerability is caused due to an unspecified error within the
handling of SOAP requests. This can be exploited to exhaust a large
amount of CPU and memory resources, which will increase response time
and may generate out-of-memory errors.

The vulnerability affects version 7 Update 2 and prior.

SOLUTION:
Apply Update 3 or later.
http://wwws.sun.com/software/download/app_servers.html

PROVIDED AND/OR DISCOVERED BY:
Amit Klein, Sanctum Inc.

http://secunia.com/advisories/11130/
