Intrusion Prevention

Sun.Java.System.Web.Server.WEBDAV.Format.String

Description

This indicates an attack attempt against a format-string vulnerability in Sun Java System Web Server.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted "PROPFIND" request. It allows a remote attacker to execute arbitrary code.

Affected Products

Sun Java System Web Server 7.0 Update 7
Sun Java System Web Server 7.0 Update 6
Sun Java System Web Server 7.0 Update 3
Sun Java System Web Server 7.0 Update 2
Sun Java System Web Server 7.0 Update 1

Impact

System compromise
Denial of service

Recommended Actions

Upgrade to the latest versions:
http://wwws.sun.com/software/products/web_srvr/home_web_srvr.html