7.5

CVE-2003-0411

Exploit
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleSun One Application Server Version7.0
   MicrosoftWindows 2000 Version-
   MicrosoftWindows Xp Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 27.07% 0.978
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-178 Improper Handling of Case Sensitivity

The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.

http://marc.info/?l=bugtraq&m=105409846029475&w=2
Exploit
Mailing List
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity
Patch
Vendor Advisory
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1
Broken Link
http://www.ciac.org/ciac/bulletins/n-103.shtml
Patch
Vendor Advisory
Broken Link
http://www.iss.net/security_center/static/12093.php
Patch
Vendor Advisory
Broken Link
http://www.securityfocus.com/bid/7709
Patch
Third Party Advisory
Vendor Advisory
Exploit
Broken Link
VDB Entry
http://www.spidynamics.com/sunone_alert.html
Broken Link