CVE-2009-2445 Information

Description

Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12 and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI.

Reference

http://isowarez.de/SunOne_Webserver.txt
http://jvn.jp/en/jp/JVN47124169/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2009-002069
http://secunia.com/advisories/35701
http://securitytracker.com/id?1022511
http://sunsolve.sun.com/search/document.do?assetkey=1-26-266429-1
http://www.osvdb.org/55655
http://www.vupen.com/english/advisories/2009/1786
