Information Disclosure Vulnerability in Sun Java System Application Server
CVE-2009-0278

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Application Server
Vendor: CVE Published:; 27 January 2009

What is CVE-2009-0278?

The Sun Java System Application Server versions 8.1 and 8.2 are susceptible to an information disclosure vulnerability that allows remote attackers to access sensitive Web Application configuration files located in the WEB-INF or META-INF directories. By crafting a malformed request, attackers can exploit this flaw to read confidential configurations, potentially aiding in further attacks or unauthorized access.

References

http://osvdb.org/51604

vdb-entryx_refsource_OSVDB

http://www.vupen.com/english/advisories/2009/0208

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/48161

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 27, 2009
Vulnerability Reserved
Jan 26, 2009

Oracle

What is CVE-2009-0278?

References

Timeline