Executive Summary

Title Sun Alert 266429 A Security Vulnerability in the Sun Java System Web Server Related to Handling of Dynamic Content May Lead to Unauthorized Information Disclosure
Name SUN-266429 First vendor Publication 2009-08-27
Vendor Sun Last vendor Modification 2009-09-11
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Product: Sun Java Web Server 6.1 Sun Java Web Server 7.0

A security vulnerability in the Sun Java System Web Server related to handling of dynamic content may allow a remote unprivileged user to gain access to sensitive information on a Windows system running the Sun Java System Web Server application.

This issue is also referenced in the following document:

State: Workaround
First released: 27-Aug-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_266429_a_security

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-200 Information Exposure

CPE : Common Platform Enumeration

Application 11

OpenVAS Exploits

Date Description
2009-07-22 Name : Sun Java System Web Server '.jsp' Information Disclosure Vulnerability (Win)
File : nvt/gb_sun_java_sys_web_serv_info_disc_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
55655 Sun Java System Web Server ::$DATA Extension Request JSP Resource Disclosure

Snort® IPS/IDS

Date Description
2014-01-10 Oracle ONE Web Server JSP source code disclosure attempt
RuleID : 16682 - Revision : 9 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date Description
2009-07-07 Name : The remote web server is affected by a source code disclosure vulnerability.
File : sun_web_svr_jsp_src_disclosure.nasl - Type : ACT_ATTACK