Sun Java System Application Server Information Disclosure Vulnerability Network Vulnerability

Summary

The host is running Java Application Server and is prone to information disclosure vulnerability.

Impact

Successful exploitation could allow remote unprivileged user to read Web Application configuration files in 'WEB-INF' and 'META-INF' directories. Impact Level: Application

Solution

Apply the security updates. http://sunsolve.sun.com/search/document.do?assetkey=1-66-245446-1 ***** NOTE: Please ignore this warning, if above mentioned patch is applied. *****

Insight

A security vulnerability in Java Application server may expose sensitive directory contents i.e. 'WEB-INF' and 'META-INF' via malformed requests.

Affected

Java System Application Server version 8.1 and 8.2 on Linux and Windows.

References

http://osvdb.org/51604
http://secunia.com/advisories/33725
http://xforce.iss.net/xforce/xfdb/48161

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-0278

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

12Planet Chat Server one2planet.infolet.InfoServlet XSS
Apache mod_proxy_ajp Information Disclosure Vulnerability
Apache Tomcat TroubleShooter Servlet Installed
Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
AbanteCart Multiple Cross-Site Scripting Vulnerabilities

Sun Java System Application Server Information Disclosure vulnerability

Take action and discover your vulnerabilities