Information Disclosure Vulnerability in Sun Java System Application Server
CVE-2009-0278

Currently unrated

Key Information:

Vendor
Oracle
Vendor
CVE Published:
27 January 2009

Summary

The Sun Java System Application Server versions 8.1 and 8.2 are susceptible to an information disclosure vulnerability that allows remote attackers to access sensitive Web Application configuration files located in the WEB-INF or META-INF directories. By crafting a malformed request, attackers can exploit this flaw to read confidential configurations, potentially aiding in further attacks or unauthorized access.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.