Sun ONE/iPlanet Web Server Chunked Encoding Vulnerability

When processing requests coded with the 'Chunked Encoding' mechanism, Sun ONE/iPlanet fails to properly calculate required buffer sizes. Consequently, several conditions may occur that have security implications. A remote attacker may craft a specially malformed session in order to overwrite the heap of the target system.

It has been reported that a buffer overrun may occur. Exploitation of these conditions may result in the execution of arbitrary code or a denial of service attack.


 

Privacy Statement
Copyright 2010, SecurityFocus