Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2009-2445
Last Modified 29 Aug 2011 12:00:00
Published 13 Jul 2009 01:30:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-2445

Summary

Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI.

Vulnerable Systems

Application

  • Sun Java System Web Server 6.1

  • Sun Java System Web Server 7.0


References

VUPEN - ADV-2009-1786

OSVDB - 55655

SUNALERT - 266429

SECTRACK - 1022511

SECUNIA - 35701

JVNDB - JVNDB-2009-002069

JVN - JVN#47124169

MISC - http://isowarez.de/SunOne_Webserver.txt


Last Updated: 27 May 2016 10:50:54