Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the document root directory via a direct request using a UTF-8 encoded URI.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Java_system_application_server | Sun | 7.0 (including) | 7.0 (including) |
| Java_system_application_server | Sun | 7.0-ur1 (including) | 7.0-ur1 (including) |
| Java_system_application_server | Sun | 7.0-ur2 (including) | 7.0-ur2 (including) |
| Java_system_application_server | Sun | 7.0-ur4 (including) | 7.0-ur4 (including) |
| Java_system_application_server | Sun | 7.0-ur5 (including) | 7.0-ur5 (including) |
| Java_system_application_server | Sun | 7.0-ur6 (including) | 7.0-ur6 (including) |
| Java_system_application_server | Sun | 7.1 (including) | 7.1 (including) |
| Java_system_application_server | Sun | 8.1 (including) | 8.1 (including) |
| Java_system_application_server | Sun | 8.1-ur1 (including) | 8.1-ur1 (including) |
| Java_system_web_server | Sun | 6.0 (including) | 6.0 (including) |
| Java_system_web_server | Sun | 6.1 (including) | 6.1 (including) |
| Java_system_web_server | Sun | 6.1-sp1 (including) | 6.1-sp1 (including) |
| Java_system_web_server | Sun | 6.1-sp2 (including) | 6.1-sp2 (including) |
| Java_system_web_server | Sun | 6.1-sp3 (including) | 6.1-sp3 (including) |
| Java_system_web_server | Sun | 6.1-sp4 (including) | 6.1-sp4 (including) |
| Java_system_web_server | Sun | 6.1-sp5 (including) | 6.1-sp5 (including) |
References
- http://secunia.com/advisories/21251
- http://secunia.com/advisories/22425
- http://securitytracker.com/id?1016596
- http://securitytracker.com/id?1016597
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102521-1
- http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm
- http://www.securityfocus.com/bid/19200
- http://www.vupen.com/english/advisories/2006/3020
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28061
- http://secunia.com/advisories/21251
- http://secunia.com/advisories/22425
- http://securitytracker.com/id?1016596
- http://securitytracker.com/id?1016597
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102521-1
- http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm
- http://www.securityfocus.com/bid/19200
- http://www.vupen.com/english/advisories/2006/3020
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28061