Vulnerability Description
Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Java System Web Server | 6.1 |
Related Weaknesses (CWE)
References
- http://isowarez.de/SunOne_Webserver.txtExploit
- http://jvn.jp/en/jp/JVN47124169/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2009-002069
- http://secunia.com/advisories/35701Vendor Advisory
- http://securitytracker.com/id?1022511Exploit
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-266429-1Vendor Advisory
- http://www.osvdb.org/55655
- http://www.vupen.com/english/advisories/2009/1786Vendor Advisory
- http://isowarez.de/SunOne_Webserver.txtExploit
- http://jvn.jp/en/jp/JVN47124169/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2009-002069
- http://secunia.com/advisories/35701Vendor Advisory
- http://securitytracker.com/id?1022511Exploit
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-266429-1Vendor Advisory
- http://www.osvdb.org/55655
FAQ
What is CVE-2009-2445?
CVE-2009-2445 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP ...
How severe is CVE-2009-2445?
CVE-2009-2445 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2445?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Java System Web Server.