OpenCVE

Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sun	Java System Application Server Java System Web Server

Configuration 1 [-]

OR	cpe:2.3:a:sun:java_system_application_server:7.0:::::::*
	cpe:2.3:a:sun:java_system_application_server:7.0::enterprise:::::
	cpe:2.3:a:sun:java_system_application_server:7.0::platform:::::
	cpe:2.3:a:sun:java_system_application_server:7.0::standard:::::
	cpe:2.3:a:sun:java_system_application_server:7.0:ur1:enterprise:::::*
	cpe:2.3:a:sun:java_system_application_server:7.0:ur1:standard:::::*
	cpe:2.3:a:sun:java_system_application_server:7.0:ur2:enterprise:::::*
	cpe:2.3:a:sun:java_system_application_server:7.0:ur2:platform:::::*
	cpe:2.3:a:sun:java_system_application_server:7.0:ur2:standard:::::*
	cpe:2.3:a:sun:java_system_application_server:7.0:ur4::::::
	cpe:2.3:a:sun:java_system_application_server:7.0:ur5:platform:::::*
	cpe:2.3:a:sun:java_system_application_server:7.0:ur5:standard:::::*
	cpe:2.3:a:sun:java_system_application_server:7.0:ur6:platform:::::*
	cpe:2.3:a:sun:java_system_application_server:7.0:ur6:standard:::::*
	cpe:2.3:a:sun:java_system_application_server:7.1:::::::*
	cpe:2.3:a:sun:java_system_application_server:8.1::enterprise:::::
	cpe:2.3:a:sun:java_system_application_server:8.1::platform:::::
	cpe:2.3:a:sun:java_system_application_server:8.1:ur1:platform:::::*
	cpe:2.3:a:sun:java_system_web_server:6.0:::::::*
	cpe:2.3:a:sun:java_system_web_server:6.1:::::::*
	cpe:2.3:a:sun:java_system_web_server:6.1:sp1::::::
	cpe:2.3:a:sun:java_system_web_server:6.1:sp2::::::
	cpe:2.3:a:sun:java_system_web_server:6.1:sp3::::::
	cpe:2.3:a:sun:java_system_web_server:6.1:sp4::::::
	cpe:2.3:a:sun:java_system_web_server:6.1:sp5::::::

No data.

References

Link	Providers
http://secunia.com/advisories/21251
http://secunia.com/advisories/22425
http://securitytracker.com/id?1016596
http://securitytracker.com/id?1016597
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102521-1
http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm
http://www.securityfocus.com/bid/19200
http://www.vupen.com/english/advisories/2006/3020
https://exchange.xforce.ibmcloud.com/vulnerabilities/28061

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-07-28T23:00:00

Updated: 2024-08-07T18:48:39.274Z

Reserved: 2006-07-28T00:00:00

Link: CVE-2006-3921

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-07-28T23:04:00.000

Modified: 2017-07-20T01:32:41.570

Link: CVE-2006-3921

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object