 | ||||||
| << Previous | INDEX | Search | src | Set bookmark | Go to bookmark | Next >> |
| ||||||
| |||||||||||||||||||||
Date: Mon, 15 Mar 2004 17:14:10 +0200 From: Amit Klein <amit.klein@sanctuminc.com> To: bugtraq@securityfocus.com Subject: Multiple Vendor SOAP server array DoS ///////////////////////////////////////////////////////////////////// //=====================>> Security Advisory <<=====================// ///////////////////////////////////////////////////////////////////// --------------------------------------------------------------------- -----[ Multiple Vendor SOAP server array DoS --------------------------------------------------------------------- --[ Author: Amit Klein, Sanctum inc. http://www.SanctumInc.com --[ Release Date: March 15th, 2004 (the Ides of March...) --[ Products: * Macromedia ColdFusion/MX 6.0 and 6.1 * Macromedia ColdFusion/MX 6.0 and 6.1 J2EE (all editions) * Macromedia JRun 4.0 (all editions) * Sun Java System Application Server 7 Update 2 Upgrade and earlier (formerly Sun ONE Application Server) Note: Releases prior to Sun Java System Application Server 7.0 are not affected. * ... and probably other SOAP servers --[ Severity: High --[ Description The problem occurs when a SOAP based web service expects an array of objects as one of its arguments. An attacker can send a malicious SOAP request (with regular size) that incurs a denial of service condition on the SOAP server. --[ Solution * Macromedia products - please follow the instructions of MPSB04-04, in the following URL: http://www.macromedia.com/devnet/security/security_zone/mpsb04-04.html (NOTE: the link is not operative at this moment. Will become live probably later today) * Sun Microsystems products - please follow the instructions of Sun Alert #57517 in the following URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57517 (NOTE: the link is not operative at this moment. Will become live probably later today)
| |||||||||||||||||||||
|
|