CVE-2009-2445
Summary
| CVE | CVE-2009-2445 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-07-13 17:30:00 UTC |
| Updated | 2011-08-29 04:00:00 UTC |
| Description | Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sun | Java System Web Server | 6.1 | All | windows | All |
| Application | Sun | Java System Web Server | 6.1 | sp10 | windows | All |
| Application | Sun | Java System Web Server | 6.1 | sp11 | windows | All |
| Application | Sun | Java System Web Server | 6.1 | sp4 | windows | All |
| Application | Sun | Java System Web Server | 6.1 | sp5 | windows | All |
| Application | Sun | Java System Web Server | 6.1 | sp6 | windows | All |
| Application | Sun | Java System Web Server | 6.1 | sp7 | windows | All |
| Application | Sun | Java System Web Server | 6.1 | sp8 | windows | All |
| Application | Sun | Java System Web Server | 6.1 | sp9 | windows | All |
| Application | Sun | Java System Web Server | 7.0 | update_5 | windows | All |
| Application | Sun | Java System Web Server | 7.0 | update_6 | windows | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 266429 | SUNALERT | sunsolve.sun.com | Vendor Advisory |
| Sun Java System Web Server Java Server Pages Content Disclosure - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Vendor Advisory |
| Sun Java System Web Server Discloses JSP Source Code to Remote Users - SecurityTracker | SECTRACK | securitytracker.com | Exploit |
| JVN#47124169: Oracle iPlanet Web Server information disclosure vulnerability | JVN | jvn.jp | |
| Page not found – Iso Warez | MISC | isowarez.de | Exploit |
| JVNDB-2009-002069 | JVNDB | jvndb.jvn.jp | |
| 55655 | OSVDB | www.osvdb.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.