Multiple Vendor SOAP Server Undisclosed Request Denial Of Service Vulnerability

BID:9877

Info

Multiple Vendor SOAP Server Undisclosed Request Denial Of Service Vulnerability

Bugtraq ID: 9877
Class: Failure to Handle Exceptional Conditions
CVE:
Remote: Yes
Local: No
Published: Mar 15 2004 12:00AM
Updated: Mar 15 2004 12:00AM
Credit: Discovery of this vulnerability has been credited to Amit Klein <[email protected]>.
Vulnerable: Sun ONE Application Server 7.0 UR2 Upgrade Standard
Sun ONE Application Server 7.0 UR2 Upgrade Platform
Sun ONE Application Server 7.0 UR2 Standard Edition
Sun ONE Application Server 7.0 UR2 Platform Edition
Sun ONE Application Server 7.0 UR1 Standard Edition
Sun ONE Application Server 7.0 UR1 Platform Edition
Sun ONE Application Server 7.0 Standard Edition
Sun ONE Application Server 7.0 Platform Edition
Macromedia JRun 4.0 SP1a
Macromedia JRun 4.0 SP1
Macromedia JRun 4.0 build 61650
Macromedia JRun 4.0
- Microsoft IIS 5.1
 - Microsoft IIS 5.0
 - Microsoft IIS 4.0
 Macromedia ColdFusion MX J2EE 6.1
Macromedia ColdFusion MX J2EE 6.0
Macromedia ColdFusion MX 6.1
Macromedia ColdFusion MX 6.0
Not Vulnerable:

Discussion

Multiple Vendor SOAP Server Undisclosed Request Denial Of Service Vulnerability

A problem has been identified in several different SOAP servers when handling certain types of requests. Because of this, it is possible for an attacker to force a denial of service on systems using a vulnerable implementation.

This BID will be updated as further details regarding this vulnerability are made public.

Exploit / POC

Multiple Vendor SOAP Server Undisclosed Request Denial Of Service Vulnerability

There is no exploit required.

Solution / Fix

Multiple Vendor SOAP Server Undisclosed Request Denial Of Service Vulnerability

Solution:
Macromedia has released a security bulletin (MPSB04-04) and fixes to address this issue in affected products. Please see the referenced advisory for further details regarding the application of appropriate patches the patch is linked below.

Sun have released a security alert (Alert ID: 57517) to address this issue in affected products. This alert announces that Sun Java System Application Server 7 Update 3 has been released to address this issue. Please see the referenced advisory for further details regarding obtaining and applying the appropriate update.


Macromedia JRun 4.0 SP1a

Macromedia ColdFusion MX J2EE 6.0

Macromedia ColdFusion MX 6.0

Macromedia ColdFusion MX J2EE 6.1

Macromedia ColdFusion MX 6.1

Sun ONE Application Server 7.0 UR2 Platform Edition

Sun ONE Application Server 7.0 UR2 Standard Edition

References

© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report