Details of VAR-201001-0286

ID

VAR-201001-0286

CVE

CVE-2010-0388

TITLE

Sun Java System Web Server WebDAV Format String Vulnerability

Trust: 0.9

sources: BID: 37910 // CNNVD: CNNVD-201001-257

DESCRIPTION

Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request. Sun Java System Web Server is a high-performance WEB server. The issue affects the WebDAV functionality. Currently very few technical details are available. We will update this BID as more information emerges. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition

Trust: 2.43

sources: NVD: CVE-2010-0388 // JVNDB: JVNDB-2010-001077 // CNVD: CNVD-2010-0169 // BID: 37910

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2010-0169

AFFECTED PRODUCTS

vendor:	sun	model:	java system web server	scope:	eq	version:	7.0	Trust: 1.6
vendor:	sun microsystems	model:	java system web server	scope:	eq	version:	7.0	Trust: 0.8
vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	sun	model:	java system web server sp2	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sun	model:	java system web server sp10	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sun	model:	java system web server sp5	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sun	model:	java system web server sp6	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sun	model:	java system web server sp9	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sun	model:	java system web server sp1	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sun	model:	java system web server sp11	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sun	model:	java system web server sp8	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sun	model:	java system web server sp4	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sun	model:	java system web server update	scope:	eq	version:	7.03	Trust: 0.3
vendor:	sun	model:	java system web server update	scope:	eq	version:	7.07	Trust: 0.3
vendor:	sun	model:	java system web server update	scope:	eq	version:	7.06	Trust: 0.3
vendor:	sun	model:	java system web server	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sun	model:	java system web server update	scope:	eq	version:	7.02	Trust: 0.3
vendor:	sun	model:	java system web server update	scope:	eq	version:	7.01	Trust: 0.3
vendor:	sun	model:	java system web server sp3	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sun	model:	java system web server sp7	scope:	eq	version:	6.1	Trust: 0.3

sources: CNVD: CNVD-2010-0169 // BID: 37910 // JVNDB: JVNDB-2010-001077 // CNNVD: CNNVD-201001-257 // NVD: CVE-2010-0388

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-0388
value:	HIGH
Trust: 1.0
NVD:	CVE-2010-0388
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201001-257
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2010-0388
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2010-001077 // CNNVD: CNNVD-201001-257 // NVD: CVE-2010-0388

PROBLEMTYPE DATA

problemtype:

CWE-134

Trust: 1.8

sources: JVNDB: JVNDB-2010-001077 // NVD: CVE-2010-0388

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201001-257

TYPE

format string

Trust: 0.6

sources: CNNVD: CNNVD-201001-257

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001077

PATCH

title:	275850	url:	http://sunsolve.sun.com/search/document.do?assetkey=1-66-275850-1	Trust: 0.8
title:	Sun-Alert-6916389: Sun Java System Web Server WebDAV Remote Format String Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/283	Trust: 0.6

sources: CNVD: CNVD-2010-0169 // JVNDB: JVNDB-2010-001077

EXTERNAL IDS

db:	NVD	id:	CVE-2010-0388	Trust: 3.3
db:	BID	id:	37910	Trust: 2.7
db:	VUPEN	id:	ADV-2010-0182	Trust: 0.8
db:	JVNDB	id:	JVNDB-2010-001077	Trust: 0.8
db:	CNVD	id:	CNVD-2010-0169	Trust: 0.6
db:	XF	id:	55812	Trust: 0.6
db:	CNNVD	id:	CNNVD-201001-257	Trust: 0.6

sources: CNVD: CNVD-2010-0169 // BID: 37910 // JVNDB: JVNDB-2010-001077 // CNNVD: CNNVD-201001-257 // NVD: CVE-2010-0388

REFERENCES

url:	http://www.securityfocus.com/bid/37910	Trust: 2.4
url:	http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-webdav.html	Trust: 1.9
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/55812	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0388	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0388	Trust: 0.8
url:	http://www.vupen.com/english/advisories/2010/0182	Trust: 0.8
url:	http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-webdav.htmlhttp	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/55812	Trust: 0.6
url:	http://wwws.sun.com/software/products/web_srvr/home_web_srvr.html	Trust: 0.3
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-66-275850-1	Trust: 0.3

sources: CNVD: CNVD-2010-0169 // BID: 37910 // JVNDB: JVNDB-2010-001077 // CNNVD: CNNVD-201001-257 // NVD: CVE-2010-0388

CREDITS

Intevydis

Trust: 0.9

sources: BID: 37910 // CNNVD: CNNVD-201001-257

SOURCES

db:	CNVD	id:	CNVD-2010-0169
db:	BID	id:	37910
db:	JVNDB	id:	JVNDB-2010-001077
db:	CNNVD	id:	CNNVD-201001-257
db:	NVD	id:	CVE-2010-0388

LAST UPDATE DATE

2025-04-11T22:50:41.280000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-0169	date:	2010-01-27T00:00:00
db:	BID	id:	37910	date:	2015-04-13T21:03:00
db:	JVNDB	id:	JVNDB-2010-001077	date:	2010-02-23T00:00:00
db:	CNNVD	id:	CNNVD-201001-257	date:	2010-01-26T00:00:00
db:	NVD	id:	CVE-2010-0388	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2010-0169	date:	2010-01-27T00:00:00
db:	BID	id:	37910	date:	2010-01-22T00:00:00
db:	JVNDB	id:	JVNDB-2010-001077	date:	2010-02-23T00:00:00
db:	CNNVD	id:	CNNVD-201001-257	date:	2010-01-25T00:00:00
db:	NVD	id:	CVE-2010-0388	date:	2010-01-25T19:30:01.807