Lucene search

[email protected]CVE-2006-3921

HistoryJul 28, 2006 - 11:04 p.m.

CVE-2006-3921

2006-07-2823:04:00

[email protected]

web.nvd.nist.gov

cve-2006-3921

sun java system

sjsas

sjsws

remote access

file reading vulnerability

utf-8 encoding

6.1 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

71.6%

JSON

Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the “document root directory” via a direct request using a UTF-8 encoded URI.

Affected configurations

NVD

Node

sunjava_system_application_serverMatch7.0

sunjava_system_application_serverMatch7.0enterprise

sunjava_system_application_serverMatch7.0platform

sunjava_system_application_serverMatch7.0standard

sunjava_system_application_serverMatch7.0ur1enterprise

sunjava_system_application_serverMatch7.0ur1standard

sunjava_system_application_serverMatch7.0ur2enterprise

sunjava_system_application_serverMatch7.0ur2platform

sunjava_system_application_serverMatch7.0ur2standard

sunjava_system_application_serverMatch7.0ur4

sunjava_system_application_serverMatch7.0ur5platform

sunjava_system_application_serverMatch7.0ur5standard

sunjava_system_application_serverMatch7.0ur6platform

sunjava_system_application_serverMatch7.0ur6standard

sunjava_system_application_serverMatch7.1

sunjava_system_application_serverMatch8.1enterprise

sunjava_system_application_serverMatch8.1platform

sunjava_system_application_serverMatch8.1ur1platform

sunjava_system_web_serverMatch6.0

sunjava_system_web_serverMatch6.1

sunjava_system_web_serverMatch6.1sp1

sunjava_system_web_serverMatch6.1sp2

sunjava_system_web_serverMatch6.1sp3

sunjava_system_web_serverMatch6.1sp4

sunjava_system_web_serverMatch6.1sp5

CPENameOperatorVersion
sun:java_system_application_serversun java system application servereq7.0
sun:java_system_application_serversun java system application servereq7.1
sun:java_system_application_serversun java system application servereq8.1
sun:java_system_web_serversun java system web servereq6.0
sun:java_system_web_serversun java system web servereq6.1

CPE	Name	Operator	Version
sun:java_system_application_server	sun java system application server	eq	7.0
sun:java_system_application_server	sun java system application server	eq	7.1
sun:java_system_application_server	sun java system application server	eq	8.1
sun:java_system_web_server	sun java system web server	eq	6.0
sun:java_system_web_server	sun java system web server	eq	6.1

References

secunia.com/advisories/21251

secunia.com/advisories/22425

securitytracker.com/id?1016596

securitytracker.com/id?1016597

sunsolve.sun.com/search/document.do?assetkey=1-26-102521-1

support.avaya.com/elmodocs2/security/ASA-2006-204.htm

www.securityfocus.com/bid/19200

www.vupen.com/english/advisories/2006/3020

exchange.xforce.ibmcloud.com/vulnerabilities/28061

6.1 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

71.6%

JSON

Related for CVE-2006-3921

cvelist1 nvd1 nessus5