4

CVE-2006-3921

Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SunJava System Application Server Version7.0 Editionenterprise
SunJava System Application Server Version7.0 Editionplatform
SunJava System Application Server Version7.0 Editionstandard
SunJava System Application Server Version7.0 Updateur1 Editionenterprise
SunJava System Application Server Version7.0 Updateur1 Editionstandard
SunJava System Application Server Version7.0 Updateur2 Editionenterprise
SunJava System Application Server Version7.0 Updateur2 Editionplatform
SunJava System Application Server Version7.0 Updateur2 Editionstandard
SunJava System Application Server Version7.0 Updateur4
SunJava System Application Server Version7.0 Updateur5 Editionplatform
SunJava System Application Server Version7.0 Updateur5 Editionstandard
SunJava System Application Server Version7.0 Updateur6 Editionplatform
SunJava System Application Server Version7.0 Updateur6 Editionstandard
SunJava System Application Server Version8.1 Editionenterprise
SunJava System Application Server Version8.1 Editionplatform
SunJava System Application Server Version8.1 Updateur1 Editionplatform
SunJava System Web Server Version6.0
SunJava System Web Server Version6.1
SunJava System Web Server Version6.1 Updatesp1
SunJava System Web Server Version6.1 Updatesp2
SunJava System Web Server Version6.1 Updatesp3
SunJava System Web Server Version6.1 Updatesp4
SunJava System Web Server Version6.1 Updatesp5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.17% 0.799
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/22425
http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm
http://secunia.com/advisories/21251
http://securitytracker.com/id?1016596
Patch
http://securitytracker.com/id?1016597
Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102521-1
Patch
http://www.securityfocus.com/bid/19200
Patch
http://www.vupen.com/english/advisories/2006/3020
https://exchange.xforce.ibmcloud.com/vulnerabilities/28061