File Disclosure Vulnerability in Sun Java System Application Server and Web Server
CVE-2006-3921
Currently unrated
Key Information:
- Vendor: Oracle
- CVE Published: 28 July 2006
Summary
The Sun Java System Application Server and Web Server are susceptible to a file disclosure vulnerability that allows remote authenticated users to access files outside the designated document root directory. This is achieved by sending a direct request with a crafted UTF-8 encoded URI, which can expose sensitive information stored on the server. Organizations using these servers should review their configurations and apply the necessary security measures to mitigate this risk.