CVE-2010-0388

Name of the Vulnerable Software and Affected Versions Sun Java System Web Server version 7.0 Update 6

Description The issue is related to a format string vulnerability in the WebDAV implementation. This vulnerability can be exploited by sending a PROPFIND request with format string specifiers in the encoding attribute of the XML declaration, potentially causing a denial of service (daemon crash) and possibly having other unspecified impacts.

Recommendations For Sun Java System Web Server version 7.0 Update 6, consider restricting access to the WebDAV implementation until a fix is available, and avoid using format string specifiers in the encoding attribute of the XML declaration in PROPFIND requests. At the moment, there is no information about a newer version that contains a fix for this vulnerability.