Risks
Vulnerabilities
Browse by
Multiple Vendor SOAP Server Array Denial of Service Vulnerability
16 March 2004
Bookmark and Share
From: Amit Klein <amit.klein(at)sanctuminc.com>

--[ Author: Amit Klein, Sanctum inc. http://www.SanctumInc.com
--[ Release Date: March 15th, 2004 (the Ides of March...)
--[ Products:
* Macromedia ColdFusion/MX 6.0 and 6.1
* Macromedia ColdFusion/MX 6.0 and 6.1 J2EE (all editions)
* Macromedia JRun 4.0 (all editions)
* Sun Java System Application Server 7 Update 2 Upgrade and earlier (formerly Sun ONE Application Server)
Note: Releases prior to Sun Java System Application Server 7.0 are not affected.

* ... and probably other SOAP servers

--[ Severity: High

--[ Description
The problem occurs when a SOAP based web service expects an array of objects as one of its arguments. An attacker can send a malicious SOAP request (with regular size) that incurs a denial of service condition on the SOAP server.

--[ Solution
* Macromedia products - please follow the instructions of MPSB04-04, in the following URL: http://www.macromedia.com/devnet/security/security_zone/mpsb04-04.html (NOTE: the link is not operative at this moment. Will become live probably later today)

* Sun Microsystems products - please follow the instructions of Sun Alert #57517 in the following URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57517 (NOTE: the link is not operative at this moment. Will become live probably later today)


Spotlight

Attackers use reflection techniques for larger DDoS attacks

Posted on 17 April 2014.  |  Instead of using a network of zombie computers, newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. This approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Apr 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //