Rapid7 Vulnerability & Exploit Database

Sun Java System Web Server WebDAV OPTIONS Buffer Overflow

Back to Search

Sun Java System Web Server WebDAV OPTIONS Buffer Overflow



This module exploits a buffer overflow in Sun Java Web Server prior to version 7 Update 8. By sending an "OPTIONS" request with an overly long path, attackers can execute arbitrary code. In order to reach the vulnerable code, the attacker must also specify the path to a directory with WebDAV enabled. This exploit was tested and confirmed to work on Windows XP SP3 without DEP. Versions for other platforms are vulnerable as well. The vulnerability was originally discovered and disclosed by Evgeny Legerov of Intevydis.


  • jduck <jduck@metasploit.com>




Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/multi/http/sun_jsws_dav_options
msf exploit(sun_jsws_dav_options) > show targets
msf exploit(sun_jsws_dav_options) > set TARGET < target-id >
msf exploit(sun_jsws_dav_options) > show options
    ...show and set options...
msf exploit(sun_jsws_dav_options) > exploit

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security