CVE-2008-2120

SUN Java System Application Server < 7.0 - Information Disclosure

Title source: rule

Description

Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors.

References (7)

[Vendor Advisory] http://secunia.com/advisories/30122

[Patch] http://sunsolve.sun.com/search/document.do?assetkey=1-26-201255-1

[Patch] http://www.securityfocus.com/bid/29088

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42266

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019985

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019986

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1457/references

Scores

EPSS 0.0064

EPSS Percentile 70.1%

Classification

CWE

CWE-200

Status draft

Affected Products (3)

sun/java_system_application_server < 7.0

sun/java_system_web_server < 6.1

sun/java_system_web_server

Timeline

Published May 09, 2008

Tracked Since Feb 18, 2026