Lucene search
HistoryJul 13, 2009 - 5:30 p.m.
CVE-2009-2445
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.199
Percentile
96.4%
Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI.
Affected configurations
Node
sunjava_system_web_serverMatch6.1windows
ORsunjava_system_web_serverMatch6.1sp10windows
ORsunjava_system_web_serverMatch6.1sp11windows
ORsunjava_system_web_serverMatch6.1sp4windows
ORsunjava_system_web_serverMatch6.1sp5windows
ORsunjava_system_web_serverMatch6.1sp6windows
ORsunjava_system_web_serverMatch6.1sp7windows
ORsunjava_system_web_serverMatch6.1sp8windows
ORsunjava_system_web_serverMatch6.1sp9windows
ORsunjava_system_web_serverMatch7.0update_5windows
ORsunjava_system_web_serverMatch7.0update_6windows
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sun | java_system_web_server | 6.1 | cpe:2.3:a:sun:java_system_web_server:6.1:*:windows:*:*:*:*:* |
| sun | java_system_web_server | 6.1 | cpe:2.3:a:sun:java_system_web_server:6.1:sp10:windows:*:*:*:*:* |
| sun | java_system_web_server | 6.1 | cpe:2.3:a:sun:java_system_web_server:6.1:sp11:windows:*:*:*:*:* |
| sun | java_system_web_server | 6.1 | cpe:2.3:a:sun:java_system_web_server:6.1:sp4:windows:*:*:*:*:* |
| sun | java_system_web_server | 6.1 | cpe:2.3:a:sun:java_system_web_server:6.1:sp5:windows:*:*:*:*:* |
| sun | java_system_web_server | 6.1 | cpe:2.3:a:sun:java_system_web_server:6.1:sp6:windows:*:*:*:*:* |
| sun | java_system_web_server | 6.1 | cpe:2.3:a:sun:java_system_web_server:6.1:sp7:windows:*:*:*:*:* |
| sun | java_system_web_server | 6.1 | cpe:2.3:a:sun:java_system_web_server:6.1:sp8:windows:*:*:*:*:* |
| sun | java_system_web_server | 6.1 | cpe:2.3:a:sun:java_system_web_server:6.1:sp9:windows:*:*:*:*:* |
| sun | java_system_web_server | 7.0 | cpe:2.3:a:sun:java_system_web_server:7.0:update_5:windows:*:*:*:*:* |
Related
jvn
jvn
JVN#47124169: Oracle iPlanet Web Server information disclosure vulnerability
2011-07-25 00:00:00
openvas
openvas
nessus
nessus
Sun Java System Web Server ::$DATA Extension Request JSP Resource Disclosure
2009-07-07 00:00:00
cvelist
cvelist
CVE-2009-2445
2009-07-13 17:00:00
cve
cve
CVE-2009-2445
2009-07-13 17:30:00
prion
prion
Buffer overflow
2009-07-13 17:30:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.199
Percentile
96.4%
Related for NVD:CVE-2009-2445