5
CVE-2009-2445
- EPSS 2.52%
- Veröffentlicht 13.07.2009 17:30:00
- Zuletzt bearbeitet 16.06.2026 23:09:27
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sun ≫ Java System Web Server Version6.1 Editionwindows
Sun ≫ Java System Web Server Version6.1 Updatesp10 Editionwindows
Sun ≫ Java System Web Server Version6.1 Updatesp11 Editionwindows
Sun ≫ Java System Web Server Version6.1 Updatesp4 Editionwindows
Sun ≫ Java System Web Server Version6.1 Updatesp5 Editionwindows
Sun ≫ Java System Web Server Version6.1 Updatesp6 Editionwindows
Sun ≫ Java System Web Server Version6.1 Updatesp7 Editionwindows
Sun ≫ Java System Web Server Version6.1 Updatesp8 Editionwindows
Sun ≫ Java System Web Server Version6.1 Updatesp9 Editionwindows
Sun ≫ Java System Web Server Version7.0 Updateupdate_5 Editionwindows
Sun ≫ Java System Web Server Version7.0 Updateupdate_6 Editionwindows
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.52% | 0.828 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://isowarez.de/SunOne_Webserver.txt
http://jvn.jp/en/jp/JVN47124169/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2009-002069
http://secunia.com/advisories/35701
http://securitytracker.com/id?1022511
http://sunsolve.sun.com/search/document.do?assetkey=1-26-266429-1
http://www.osvdb.org/55655
http://www.vupen.com/english/advisories/2009/1786