Information Disclosure Vulnerability in Sun Java System Application Server
CVE-2009-0278

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Application Server
Vendor: CVE Published:; 27 January 2009

Summary

The Sun Java System Application Server versions 8.1 and 8.2 are susceptible to an information disclosure vulnerability that allows remote attackers to access sensitive Web Application configuration files located in the WEB-INF or META-INF directories. By crafting a malformed request, attackers can exploit this flaw to read confidential configurations, potentially aiding in further attacks or unauthorized access.

References

http://osvdb.org/51604

vdb-entryx_refsource_OSVDB

http://www.vupen.com/english/advisories/2009/0208

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/48161

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jan 27, 2009
Vulnerability Reserved
Jan 26, 2009