CVE-2003-0411 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Oracle	Sun One Application Server	7.0
Microsoft	Windows 2000	-
Microsoft	Windows Xp	-

Related Weaknesses (CWE)

CWE-178

References

http://marc.info/?l=bugtraq&m=105409846029475&w=2ExploitMailing List
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=categoryBroken LinkPatchVendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1Broken Link
http://www.ciac.org/ciac/bulletins/n-103.shtmlBroken LinkPatchVendor Advisory
http://www.iss.net/security_center/static/12093.phpBroken LinkPatchVendor Advisory
http://www.securityfocus.com/bid/7709Broken LinkExploitPatch
http://www.spidynamics.com/sunone_alert.htmlBroken Link
http://marc.info/?l=bugtraq&m=105409846029475&w=2ExploitMailing List
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=categoryBroken LinkPatchVendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1Broken Link
http://www.ciac.org/ciac/bulletins/n-103.shtmlBroken LinkPatchVendor Advisory
http://www.iss.net/security_center/static/12093.phpBroken LinkPatchVendor Advisory
http://www.securityfocus.com/bid/7709Broken LinkExploitPatch
http://www.spidynamics.com/sunone_alert.htmlBroken Link

FAQ

What is CVE-2003-0411?

CVE-2003-0411 is a vulnerability with a CVSS score of 7.5 (HIGH). Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.

How severe is CVE-2003-0411?

CVE-2003-0411 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2003-0411?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Sun One Application Server, Microsoft Windows 2000, Microsoft Windows Xp.