Sun Java System Application Server HTTP Error Page Path Disclosure

2004-05-28T05:28:11
ID OSVDB:6446
Type osvdb
Reporter Marc Schoenefel (schonef@acm.org)
Modified 2004-05-28T05:28:11

Description

Vulnerability Description

Sun Java System Application Server contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when the server receives HTTP GET requests containing multiple slashes and reserved DOS device names; the resulting HTTP error page discloses the absolute path of the document root, resulting in a loss of confidentiality.
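
For defenders reviewing access logs, the sketch below flags GET requests that combine the two traits named above (repeated slashes and a path segment that is a reserved DOS device name). It is an added example, not part of the original advisory or vendor code; the Common Log Format layout and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Reserved DOS device names on Windows: CON, PRN, AUX, NUL, COM1-9, LPT1-9.
DOS_DEVICES = {"CON", "PRN", "AUX", "NUL"} | {
    f"{prefix}{n}" for prefix in ("COM", "LPT") for n in range(1, 10)
}
# Request field of a Common Log Format line (the log format is an assumption).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def is_device_segment(segment):
    """True when a path segment names a DOS device; the extension is ignored."""
    base = segment.split(".", 1)[0].rstrip(" ").upper()
    return base in DOS_DEVICES


def indicators(target):
    """Return which of the advisory's two request traits a request target shows."""
    # Drop the query by hand: urlsplit() would read a leading "//" as a host.
    path = unquote(target.split("?", 1)[0]).replace("\\", "/")
    found = set()
    if "//" in path:
        found.add("multiple-slashes")
    if any(is_device_segment(s) for s in path.split("/")):
        found.add("dos-device")
    return found


def scan(lines):
    """Return (line_number, target) for GET requests showing both traits."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and match["method"] == "GET":
            if indicators(match["target"]) == {"multiple-slashes", "dos-device"}:
                hits.append((number, match["target"]))
    return hits


# Constructed sample lines (not captured traffic; status codes are arbitrary).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/May/2004:05:20:01 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.44 - - [28/May/2004:05:21:13 +0000] "GET ///aux HTTP/1.0" 500 712',
    '192.0.2.44 - - [28/May/2004:05:21:15 +0000] "GET /docs//%63on.jsp HTTP/1.0" 500 698',
    '192.0.2.10 - - [28/May/2004:05:22:40 +0000] "GET /static//css/console.css HTTP/1.1" 200 901',
    '192.0.2.10 - - [28/May/2004:05:23:02 +0000] "GET /reports/aux-data.html HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for number, target in scan(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

Percent-encoded characters are decoded before matching, and names such as console.css or aux-data.html are not flagged because only the part of a segment before the first dot is compared against the device list.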

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://java.sun.com
Secunia Advisory ID: 11730