File Disclosure Vulnerability in Sun Java System Application Server and Web Server
CVE-2006-3921

Currently unrated

Key Information:

Vendor
Oracle
CVE Published:
28 July 2006

Summary

The Sun Java System Application Server and Web Server are susceptible to a file disclosure vulnerability that allows remote authenticated users to access files outside of the designated document root directory. This is done by sending a direct request with a UTF-8 encoded URI, which can expose sensitive information stored on the server. Organizations using these servers should review their configurations and apply the necessary security measures to mitigate this risk.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
