Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: Sun Java Web Server, denial of service of the administration interface

July 2010 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/

SYNTHESIS OF THE VULNERABILITY

When an attacker is allowed to connect to the port of the web
administration interface of Sun Java Web Server, he can send a
malicious HTTP query in order to stop the service.

 Severity: 1/4
 Creation date: 06/07/2010

DESCRIPTION OF THE VULNERABILITY

The web administration interface of Sun Java Web Server listens by
default on ports 8800/tcp (HTTP) and 8989/tcp (HTTP+SSL).

An HTTP query is like:
GET / HTTP/1.0
Headers

However, if the query simply contains the line "\n", the
administration service stops.

When an attacker is allowed to connect to the port of the web
administration interface of Sun Java Web Server, he can therefore
send a malicious HTTP query in order to stop the service.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/Sun-Java-Web-Server-denial-of-service-of-the-administration-interface-9741


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts