The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Sun Calendar Server: denial of service of logging

Synthesis of the vulnerability 

When Access Logging is enabled, an attacker can stop Sun Java System Calendar Server.
Impacted systems: Sun Calendar.
Severity of this alert: 2/4.
Creation date: 18/06/2008.
References of this alert: 235521, 6622866, BID-29763, VIGILANCE-VUL-7901.

Description of the vulnerability 

The "service.http.commandlog.all" option in the cal/config/ics.conf file is used to log HTTP requests. The documentation indicates that this option should not be used in production, because it fills up the log file and could degrade performance.

When this option is enabled, an attacker can send a malformed HTTP query in order to stop Sun Java System Calendar Server.
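
A configuration check for the exposure condition described above, as an added example that is not part of the original bulletin or of Sun's tooling. It assumes that ics.conf uses `key = "value"` lines, that lines starting with `!` are comments, that the last assignment of a key wins, and that "yes" means enabled; the sample file content is constructed.

```python
import re

# Option named in the advisory. The value syntax, the "!" comment prefix and
# last-occurrence-wins behaviour are assumptions about the ics.conf format.
OPTION = "service.http.commandlog.all"
LINE_RE = re.compile(r'^\s*([A-Za-z0-9_.\-]+)\s*=\s*"?([^"]*)"?\s*$')
TRUTHY = {"yes", "true", "1", "on"}

# Constructed sample, not a real configuration; the other key is a placeholder.
SAMPLE = '''\
! constructed sample
example.placeholder.key = "80"
! service.http.commandlog.all = "no"
service.http.commandlog.all = "no"
example.placeholder.other = "value"
service.http.commandlog.all = "yes"
'''

def effective_value(conf_text, option=OPTION):
    """Return (value, line_number) of the last active assignment, or (None, None)."""
    value, lineno = None, None
    for n, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank line or commented-out setting
        m = LINE_RE.match(line)
        if m and m.group(1).lower() == option:
            value, lineno = m.group(2).strip(), n  # later lines override earlier ones
    return value, lineno

def audit(conf_text):
    """Report whether HTTP command logging is effectively enabled."""
    value, lineno = effective_value(conf_text)
    if value is None:
        return {"exposed": False, "detail": "option not set"}
    return {"exposed": value.lower() in TRUTHY, "line": lineno, "value": value}

if __name__ == "__main__":
    # On a server, read cal/config/ics.conf instead of SAMPLE.
    print(audit(SAMPLE))
```

A result of `exposed: False` only means the logging precondition is absent; it does not show that the patch listed under the solutions is installed.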

This threat impacts software or systems such as Sun Calendar.

Our Vigil@nce team determined that the severity of this weakness is medium.

The trust level is "confirmed by the editor", and the origin is an intranet client.

An attacker with expert ability can exploit this weakness.

Solutions for this threat 

Sun Calendar Server: patch.
A patch is available:
  SPARC Platform: patch 121657-23
  x86 Platform: patch 121658-23
  Linux: patch 121659-23
