Remote File Access Vulnerability in Oracle iPlanet Web Server by Oracle
CVE-2009-2445
Currently unrated
Summary
Oracle iPlanet Web Server versions 6.1 prior to Service Pack 12 and 7.0 until Update 6 on Windows systems are vulnerable to a remote file access issue. This vulnerability allows attackers to read arbitrary JSP files by using an alternate data stream syntax, exemplified by the URI pattern .jsp::$DATA. Such exploitation could lead to unauthorized information disclosure, allowing attackers to obtain sensitive data stored within JSP files.
References
Timeline
Vulnerability published
Vulnerability Reserved