Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the document root directory via a direct request using a UTF-8 encoded URI.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Java_system_application_server | Sun | 7.0 (including) | 7.0 (including) |
| Java_system_application_server | Sun | 7.0-ur1 (including) | 7.0-ur1 (including) |
| Java_system_application_server | Sun | 7.0-ur2 (including) | 7.0-ur2 (including) |
| Java_system_application_server | Sun | 7.0-ur4 (including) | 7.0-ur4 (including) |
| Java_system_application_server | Sun | 7.0-ur5 (including) | 7.0-ur5 (including) |
| Java_system_application_server | Sun | 7.0-ur6 (including) | 7.0-ur6 (including) |
| Java_system_application_server | Sun | 7.1 (including) | 7.1 (including) |
| Java_system_application_server | Sun | 8.1 (including) | 8.1 (including) |
| Java_system_application_server | Sun | 8.1-ur1 (including) | 8.1-ur1 (including) |
| Java_system_web_server | Sun | 6.0 (including) | 6.0 (including) |
| Java_system_web_server | Sun | 6.1 (including) | 6.1 (including) |
| Java_system_web_server | Sun | 6.1-sp1 (including) | 6.1-sp1 (including) |
| Java_system_web_server | Sun | 6.1-sp2 (including) | 6.1-sp2 (including) |
| Java_system_web_server | Sun | 6.1-sp3 (including) | 6.1-sp3 (including) |
| Java_system_web_server | Sun | 6.1-sp4 (including) | 6.1-sp4 (including) |
| Java_system_web_server | Sun | 6.1-sp5 (including) | 6.1-sp5 (including) |