Remote File Access Vulnerability in Oracle iPlanet Web Server by Oracle
CVE-2009-2445

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Web Server
Vendor: CVE Published:; 13 July 2009

Summary

Oracle iPlanet Web Server versions 6.1 prior to Service Pack 12 and 7.0 until Update 6 on Windows systems are vulnerable to a remote file access issue. This vulnerability allows attackers to read arbitrary JSP files by using an alternate data stream syntax, exemplified by the URI pattern .jsp::$DATA. Such exploitation could lead to unauthorized information disclosure, allowing attackers to obtain sensitive data stored within JSP files.

References

http://jvn.jp/en/jp/JVN47124169/index.html

third-party-advisoryx_refsource_JVN

http://sunsolve.sun.com/search/document.do?assetkey=1-26-...

vendor-advisoryx_refsource_SUNALERT

http://secunia.com/advisories/35701

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jul 13, 2009
Vulnerability Reserved
Jul 13, 2009