Summary
The host is running Java Application Server and is prone to an information disclosure vulnerability.
Impact
Successful exploitation could allow a remote unprivileged user to read web application configuration files in the 'WEB-INF' and 'META-INF' directories.
Impact Level: Application
Solution
Apply the security updates.
http://sunsolve.sun.com/search/document.do?assetkey=1-66-245446-1
*****
NOTE: Please ignore this warning if the above-mentioned patch is applied.
*****
Insight
A security vulnerability in Java Application Server may expose sensitive directory contents, i.e. 'WEB-INF' and 'META-INF', via malformed requests.
Affected
Java System Application Server versions 8.1 and 8.2 on Linux and Windows.
References
Updated on 2017-03-28
Severity
Classification
CVE: CVE-2009-0278
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N