Sun.Java.Web.Server.WebDAV.Format.String
Description
This indicates an attack attempt against a format-string vulnerability in Sun's Java System Web Server.
The vulnerability is due to an error when the vulnerable software handles malformed format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request. A remote attacker may exploit this to execute arbitrary code.
Affected Products
Sun Java System Web Server 6.1 SP9
Sun Java System Web Server 7.0 Update 7
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Please refer to the vendor's web site for suggested workaround:
http://www.oracle.com/us/sun/index.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |