File Disclosure Vulnerability in Sun Java System Application Server and Web Server
CVE-2006-3921

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Application Server; Java System Web Server
Vendor: CVE Published:; 28 July 2006

Summary

The Sun Java System Application Server and Web Server are susceptible to a file disclosure vulnerability that allows remote authenticated users to access files outside of the designated document root directory. This is achieved by crafting a direct request with a UTF-8 encoded URI, potentially exposing sensitive information unintentionally stored on the server. It is critical for organizations using these servers to review their configurations and apply necessary security measures to mitigate this risk.

References

http://secunia.com/advisories/22425

third-party-advisoryx_refsource_SECUNIA

http://securitytracker.com/id?1016596

vdb-entryx_refsource_SECTRACK

http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm

x_refsource_CONFIRM

Timeline

Vulnerability published
Jul 28, 2006
Vulnerability Reserved
Jul 28, 2006