Risks
Vulnerabilities
Browse by
Multiple Vendor SOAP Server Array Denial of Service Vulnerability
16 March 2004
Bookmark and Share
From: Amit Klein <amit.klein(at)sanctuminc.com>

--[ Author: Amit Klein, Sanctum inc. http://www.SanctumInc.com
--[ Release Date: March 15th, 2004 (the Ides of March...)
--[ Products:
* Macromedia ColdFusion/MX 6.0 and 6.1
* Macromedia ColdFusion/MX 6.0 and 6.1 J2EE (all editions)
* Macromedia JRun 4.0 (all editions)
* Sun Java System Application Server 7 Update 2 Upgrade and earlier (formerly Sun ONE Application Server)
Note: Releases prior to Sun Java System Application Server 7.0 are not affected.

* ... and probably other SOAP servers

--[ Severity: High

--[ Description
The problem occurs when a SOAP based web service expects an array of objects as one of its arguments. An attacker can send a malicious SOAP request (with regular size) that incurs a denial of service condition on the SOAP server.

--[ Solution
* Macromedia products - please follow the instructions of MPSB04-04, in the following URL: http://www.macromedia.com/devnet/security/security_zone/mpsb04-04.html (NOTE: the link is not operative at this moment. Will become live probably later today)

* Sun Microsystems products - please follow the instructions of Sun Alert #57517 in the following URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57517 (NOTE: the link is not operative at this moment. Will become live probably later today)


Spotlight

Leveraging network intelligence and deep packet inspection

Posted on 26 November 2014.  |  Tomer Saban, CEO of WireX Systems, talks about how deep packet inspection helps with identifying emerging threats, the role of network intelligence, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Nov 28th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //