Vigil@nce: Sun Java Web Server, denial of service of the administration interface
July 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker who is allowed to connect to the port of the web
administration interface of Sun Java Web Server can send a
malicious HTTP query in order to stop the service.
– Severity: 1/4
– Creation date: 06/07/2010
DESCRIPTION OF THE VULNERABILITY
The web administration interface of Sun Java Web Server listens by
default on ports 8800/tcp (HTTP) and 8989/tcp (HTTP+SSL).
A normal HTTP query looks like:
GET / HTTP/1.0
Headers
However, if the query contains only the line "\n", the
administration service stops.
An attacker who is allowed to connect to the port of the web
administration interface of Sun Java Web Server can therefore
send a malicious HTTP query in order to stop the service.