The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability alert 9741

Sun Java Web Server: denial of service of the administration interface

Synthesis of the vulnerability

An attacker who is allowed to connect to the port of the web administration interface of Sun Java Web Server can send a malicious HTTP query in order to stop the service.
Impacted products: Oracle iPlanet Web Server.
Severity of this bulletin: 1/4.
Consequences of an intrusion: denial of service on service.
Hacker's origin: intranet client.
Creation date: 06/07/2010.
References of this threat: BID-41389, VIGILANCE-VUL-9741.

Description of the vulnerability

The web administration interface of Sun Java Web Server listens by default on ports 8800/tcp (HTTP) and 8989/tcp (HTTP+SSL).

A normal HTTP query looks like:
  GET / HTTP/1.0
  Headers

However, if the query simply contains the line "{\n", the administration service stops.

An attacker who is allowed to connect to the port of the web administration interface of Sun Java Web Server can therefore send a malicious HTTP query in order to stop the service.
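
A defensive check based on the description above, as an added example that is not part of the Vigil@nce bulletin: it validates the first line of each payload sent to the administration ports against the HTTP request-line grammar and reports those that do not match, such as the "{" line. The record layout, sample addresses and function names are assumptions made for the illustration.

```python
import re

# Default administration ports named in the bulletin.
ADMIN_PORTS = {8800, 8989}

# Request-line grammar (RFC 7230, section 3.1.1):
#   method SP request-target SP HTTP-version
TOKEN = rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
REQUEST_LINE = re.compile(rb"^(" + TOKEN + rb") (\S+) HTTP/(\d)\.(\d)$")


def first_line(payload: bytes) -> bytes:
    """Return the first line of a payload without its CR/LF terminator."""
    line, _, _ = payload.partition(b"\n")
    return line.rstrip(b"\r")


def is_valid_request_line(payload: bytes) -> bool:
    """True when the payload starts with a well-formed HTTP request line."""
    return REQUEST_LINE.match(first_line(payload)) is not None


def flag_malformed(records):
    """Return (src, port, first_line) for admin-port payloads that do not
    start with a valid request line."""
    hits = []
    for src, port, payload in records:
        if port in ADMIN_PORTS and not is_valid_request_line(payload):
            hits.append((src, port, first_line(payload)))
    return hits


# Constructed sample records: (source address, destination port, first bytes
# of the stream). Payloads are assumed to be plaintext, i.e. captured on
# 8800/tcp or after TLS termination for 8989/tcp.
SAMPLE = [
    ("192.0.2.10", 8800, b"GET / HTTP/1.0\r\nHost: admin\r\n\r\n"),
    ("192.0.2.11", 8800, b"{\n"),
    ("192.0.2.12", 8800, b"POST /login HTTP/1.1\r\n\r\n"),
    ("192.0.2.13", 80, b"{\n"),    # not an administration port: ignored
    ("192.0.2.14", 8989, b"{\n"),
]

if __name__ == "__main__":
    for hit in flag_malformed(SAMPLE):
        print(hit)
```

The same grammar check can sit in a filtering proxy in front of the administration interface, so that only well-formed request lines reach it.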