CVE-2009-0278

MEDIUM

Description

Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request.

References

http://osvdb.org/51604

http://secunia.com/advisories/33725

http://sunsolve.sun.com/search/document.do?assetkey=1-21-119166-35-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-245446-1

http://www.securityfocus.com/bid/33397

http://www.vupen.com/english/advisories/2009/0208

https://exchange.xforce.ibmcloud.com/vulnerabilities/48161

Details

Source: MITRE

Published: 2009-01-27

Updated: 2017-08-08

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:sun:java_system_application_server:8.1:*:linux:*:*:*:*:*

cpe:2.3:a:sun:java_system_application_server:8.1:*:sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_application_server:8.1:*:windows:*:*:*:*:*

cpe:2.3:a:sun:java_system_application_server:8.1:*:x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_application_server:8.2:*:linux:*:*:*:*:*

cpe:2.3:a:sun:java_system_application_server:8.2:*:sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_application_server:8.2:*:windows:*:*:*:*:*

cpe:2.3:a:sun:java_system_application_server:8.2:*:x86:*:*:*:*:*

Tenable Plugins

View all (14 total)

IDNameProductFamilySeverity
107913Solaris 10 (x86) : 124673-20NessusSolaris Local Security Checks
medium
107810Solaris 10 (x86) : 119167-43NessusSolaris Local Security Checks
high
107410Solaris 10 (sparc) : 124672-20NessusSolaris Local Security Checks
medium
68958Sun Java System Application Server Information DisclosureNessusWindows
medium
27509Solaris 8 (sparc) : 124672-20NessusSolaris Local Security Checks
medium
27099Solaris 9 (x86) : 124673-20NessusSolaris Local Security Checks
medium
27092Solaris 9 (sparc) : 124672-20NessusSolaris Local Security Checks
medium
27077Solaris 10 (x86) : 124673-20 (deprecated)NessusSolaris Local Security Checks
medium
27072Solaris 10 (sparc) : 124672-20 (deprecated)NessusSolaris Local Security Checks
medium
23610Solaris 9 (x86) : 119167-43NessusSolaris Local Security Checks
high
23552Solaris 9 (sparc) : 119166-43NessusSolaris Local Security Checks
high
23413Solaris 8 (sparc) : 119166-43NessusSolaris Local Security Checks
high
22988Solaris 10 (x86) : 119167-43 (deprecated)NessusSolaris Local Security Checks
high
22955Solaris 10 (sparc) : 119166-43 (deprecated)NessusSolaris Local Security Checks
high