CVE-2009-0278

MEDIUM

Description

Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request.

References

http://osvdb.org/51604

http://secunia.com/advisories/33725

http://sunsolve.sun.com/search/document.do?assetkey=1-21-119166-35-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-245446-1

http://www.securityfocus.com/bid/33397

http://www.vupen.com/english/advisories/2009/0208

https://exchange.xforce.ibmcloud.com/vulnerabilities/48161

Details

Source: MITRE

Published: 2009-01-27

Updated: 2017-08-08

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:sun:java_system_application_server:8.1:*:linux:*:*:*:*:*

cpe:2.3:a:sun:java_system_application_server:8.1:*:sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_application_server:8.1:*:windows:*:*:*:*:*

cpe:2.3:a:sun:java_system_application_server:8.1:*:x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_application_server:8.2:*:linux:*:*:*:*:*

cpe:2.3:a:sun:java_system_application_server:8.2:*:sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_application_server:8.2:*:windows:*:*:*:*:*

cpe:2.3:a:sun:java_system_application_server:8.2:*:x86:*:*:*:*:*

Tenable Plugins

View all (14 total)

ID	Name	Product	Family	Severity
107913	Solaris 10 (x86) : 124673-20	Nessus	Solaris Local Security Checks	medium
107810	Solaris 10 (x86) : 119167-43	Nessus	Solaris Local Security Checks	high
107410	Solaris 10 (sparc) : 124672-20	Nessus	Solaris Local Security Checks	medium
68958	Sun Java System Application Server Information Disclosure	Nessus	Windows	medium
27509	Solaris 8 (sparc) : 124672-20	Nessus	Solaris Local Security Checks	medium
27099	Solaris 9 (x86) : 124673-20	Nessus	Solaris Local Security Checks	medium
27092	Solaris 9 (sparc) : 124672-20	Nessus	Solaris Local Security Checks	medium
27077	Solaris 10 (x86) : 124673-20 (deprecated)	Nessus	Solaris Local Security Checks	medium
27072	Solaris 10 (sparc) : 124672-20 (deprecated)	Nessus	Solaris Local Security Checks	medium
23610	Solaris 9 (x86) : 119167-43	Nessus	Solaris Local Security Checks	high
23552	Solaris 9 (sparc) : 119166-43	Nessus	Solaris Local Security Checks	high
23413	Solaris 8 (sparc) : 119166-43	Nessus	Solaris Local Security Checks	high
22988	Solaris 10 (x86) : 119167-43 (deprecated)	Nessus	Solaris Local Security Checks	high
22955	Solaris 10 (sparc) : 119166-43 (deprecated)	Nessus	Solaris Local Security Checks	high