CVE-2009-2445

EUVD-2009-2440
Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
sunjava_system_web_server
6.1
sunjava_system_web_server
6.1:sp10
sunjava_system_web_server
6.1:sp11
sunjava_system_web_server
6.1:sp4
sunjava_system_web_server
6.1:sp5
sunjava_system_web_server
6.1:sp6
sunjava_system_web_server
6.1:sp7
sunjava_system_web_server
6.1:sp8
sunjava_system_web_server
6.1:sp9
sunjava_system_web_server
7.0:update_5
sunjava_system_web_server
7.0:update_6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://isowarez.de/SunOne_Webserver.txt
http://jvn.jp/en/jp/JVN47124169/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2009-002069
http://secunia.com/advisories/35701
http://securitytracker.com/id?1022511
http://sunsolve.sun.com/search/document.do?assetkey=1-26-266429-1
http://www.osvdb.org/55655
http://www.vupen.com/english/advisories/2009/1786
http://isowarez.de/SunOne_Webserver.txt
http://jvn.jp/en/jp/JVN47124169/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2009-002069
http://secunia.com/advisories/35701
http://securitytracker.com/id?1022511
http://sunsolve.sun.com/search/document.do?assetkey=1-26-266429-1
http://www.osvdb.org/55655
http://www.vupen.com/english/advisories/2009/1786