Buffer overflow in Sun Java_system_web_proxy_server

CVE-2008-4541

Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.

Vulnerability class: Buffer Overflow

EPSS: 0.084 (94.3th percentile) — read the EPSS interpretation.

Affected products

Sun Java_system_web_proxy_server — versions 4.0, 4.0.1, 4.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (vdb-entry, x_refsource_XF)
cve@mitre.org (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
cve@mitre.org (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
cve@mitre.org (x_refsource_IDEFENSE, third-party-advisory)
cve@mitre.org (vendor-advisory, x_refsource_SUNALERT)