iDefense Security Advisory 06.03.08 - Remote exploitation of a buffer overflow vulnerability in Sun Microsystem's Java System Active Server Pages allows attackers to execute arbitrary code in the context of the ASP server. The vulnerability exists within the request handling code within the ASP server. An attacker supplied string is copied into a fixed size stack buffer without first validating that there is sufficient space available. By supplying a specially crafted request, an attacker can cause a stack-based buffer overflow. iDefense has confirmed the existence of this vulnerability within version 4.0.2 of Sun Microsystems Inc.'s Java System Active Server Pages. Older versions are suspected to be vulnerable.
e2f254af6aff69047008749f49ba6f0fb9cd30aa7d3d81dc5c29e530df9bbcff