Sun.Java.System.Web.Server.WEBDAV.Format.String

Release Date

May 03, 2011

Severity

high

Impact

System compromise
Denial of service

Description

This indicates an attack attempt against a format-string vulnerability in Sun Java System Web Server.

The vulnerability is caused by an error in how the server handles a specially crafted WebDAV "PROPFIND" request. A remote attacker can exploit it to execute arbitrary code.

Affected Products

Sun Java System Web Server 7.0 Update 7
Sun Java System Web Server 7.0 Update 6
Sun Java System Web Server 7.0 Update 3
Sun Java System Web Server 7.0 Update 2
Sun Java System Web Server 7.0 Update 1

Recommended Actions

Upgrade to the latest versions:
http://wwws.sun.com/software/products/web_srvr/home_web_srvr.html

Coverage

IPS
VCM

Reference/s

http://intevydis.blogspot.com/2010/01/sun-javasystem-web-server-70-webdav.html
http://secunia.com/advisories/38260/

Reference: VID-25173