Remote File Access Vulnerability in Oracle iPlanet Web Server by Oracle
CVE-2009-2445

Currently unrated

Key Information:

Vendor
Oracle
Vendor
CVE Published:
13 July 2009

Summary

Oracle iPlanet Web Server versions 6.1 prior to Service Pack 12 and 7.0 until Update 6 on Windows systems are vulnerable to a remote file access issue. This vulnerability allows attackers to read arbitrary JSP files by using an alternate data stream syntax, exemplified by the URI pattern .jsp::$DATA. Such exploitation could lead to unauthorized information disclosure, allowing attackers to obtain sensitive data stored within JSP files.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.