Some vulnerabilities have been reported in Sun Java System Web Server, which can be exploited by malicious people to disclose sensitive information and potentially compromise a vulnerable system.

1) A boundary error when processing the "OPTIONS" requests can be exploited to cause a stack-based buffer overflow via an overly long path name in the request.

Successful exploitation allows execution of arbitrary code, but may require that WebDAV support is enabled.

2) An error in the processing of "TRACE" requests can be exploited to cause a heap-based buffer overflow and allows disclosing potentially sensitive information.

3) An error in the processing of "Authorization" headers in e.g. "PUT" requests can be exploited to cause a heap-based buffer overflow.

4) A format string error in the processing of the "encoding" attribute in xml data can potentially be exploited to execute arbitrary code e.g. via a specially crafted "PROPFIND" request.

The vulnerabilities are reported in Sun Java System Web Server 7.0u7. Other versions may also be affected.

Solution
Update to a fixed version.
Further details available in Customer Area

Provided and/or discovered by
Reportedly modules for VulnDisco Pack.

Changelog
Further details available in Customer Area

Original Advisory
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275850-1

Intevydis:
http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-webdav.html
http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-trace.html
http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-digest.html
http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-webdav.html

Technical Analysis
Further details available in Customer Area

Alternate/detailed remediation
Further details available in Customer Area

Deep Links
Links available in Customer Area