CVE-2009-2445

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Web Server
Vendor: CVE Published:; 13 July 2009

Summary

Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI.

References

http://jvn.jp/en/jp/JVN47124169/index.html

third-party-advisoryx_refsource_JVN

http://sunsolve.sun.com/search/document.do?assetkey=1-26-...

vendor-advisoryx_refsource_SUNALERT

http://secunia.com/advisories/35701

third-party-advisoryx_refsource_SECUNIA

EPSS Score

26% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 13, 2009
Vulnerability Reserved
Jul 13, 2009