CVE-2009-0278 Information

Description

Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request.

Reference

http://osvdb.org/51604 http://secunia.com/advisories/33725 http://sunsolve.sun.com/search/document.do?assetkey=1-21-119166-35-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-245446-1 http://www.securityfocus.com/bid/33397 http://www.vupen.com/english/advisories/2009/0208 https://exchange.xforce.ibmcloud.com/vulnerabilities/48161