CVE-2006-3921

Sun Java System Application Server <9 - Info Disclosure

Title source: llm
STIX 2.1

Description

Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI.

References (9)

Core 9
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22425
Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016596
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28061
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21251
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19200
Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016597
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3020
Patch vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102521-1

Scores

EPSS 0.0098
EPSS Percentile 76.9%

Details

Status published
Products (5)
sun/java_system_application_server 7.0 (14 CPE variants)
sun/java_system_application_server 7.1
sun/java_system_application_server 8.1 (3 CPE variants)
sun/java_system_web_server 6.0
sun/java_system_web_server 6.1 (6 CPE variants)
Published Jul 28, 2006
Tracked Since Feb 18, 2026