5
CVE-2009-2445
- EPSS 0.82%
- Published 13.07.2009 17:30:00
- Last modified 09.04.2025 00:30:58
- Source cve@mitre.org
Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI.
Data is provided by the National Vulnerability Database (NVD)
Sun ≫ Java System Web Server Version 6.1 Edition windows
Sun ≫ Java System Web Server Version 6.1 Update sp10 Edition windows
Sun ≫ Java System Web Server Version 6.1 Update sp11 Edition windows
Sun ≫ Java System Web Server Version 6.1 Update sp4 Edition windows
Sun ≫ Java System Web Server Version 6.1 Update sp5 Edition windows
Sun ≫ Java System Web Server Version 6.1 Update sp6 Edition windows
Sun ≫ Java System Web Server Version 6.1 Update sp7 Edition windows
Sun ≫ Java System Web Server Version 6.1 Update sp8 Edition windows
Sun ≫ Java System Web Server Version 6.1 Update sp9 Edition windows
Sun ≫ Java System Web Server Version 7.0 Update update_5 Edition windows
Sun ≫ Java System Web Server Version 7.0 Update update_6 Edition windows
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.82% | 0.733 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.