Features and Enhancements in 7.0 Update 8

Web Server 7.0 Update 8 contains the following fixes for security vulnerabilities:

Bug 6916389 describes the buffer overflow vulnerabilities in the WebDAV extensions to Sun Java System Web Server. These issues may allow remote clients to trigger a Web Server crash, thus resulting in a Denial of Service (DoS) condition. These issues may also allow remote unauthorized users to gain elevated privileges, enabling them to access and modify sensitive files.

Bug 6916390 describes the format string vulnerabilities in the WebDAV extensions to Sun Java System Web Server. These issues may allow remote clients to trigger a Web Server crash, thus resulting in a Denial of Service (DoS) condition. These issues may also allow remote unauthorized users to gain elevated privileges, enabling them to access and modify sensitive files.

Bug 6916391 describes the buffer overflow issues in the Digest Authentication methods in Sun Java System Web Server, which may allow remote unprivileged users to crash the Web Server, thus leading to a Denial of Service (DoS) condition. These issues may also lead to execution of arbitrary code with elevated privileges.

Bug 6916392 describes the heap overflow issues in the HTTP TRACE functionality in Sun Java System Web Server, which may allow remote unprivileged users to crash the Web Server, thus leading to a Denial of Service (DoS) condition. These issues may also be exploited to gain unauthorized access to sensitive information.