header-logo
Suggest Exploit
vendor:
Sun ONE Application Server
by:
SecurityFocus
7.5
CVSS
HIGH
Source Code Disclosure
200
CWE
Product Name: Sun ONE Application Server
Affected Version From: Sun ONE Application Server 7.0
Affected Version To: Previous versions
Patch Exists: YES
Related CWE: N/A
CPE: a:sun:sun_one_application_server:7.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft Windows
2002

Sun ONE Application Server Source Code Disclosure Vulnerability

Sun ONE Application Server is prone to a source code disclosure vulnerability. This issue is due to handling of case in requests for resources. By changing the case of a file extension, the server may fail to interpret the script and instead serve it as a normal web resource.

Mitigation:

Ensure that the server is configured to properly handle case in requests for resources.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7709/info

Sun ONE Application Server is prone to a source code disclosure vulnerability. This issue is due to handling of case in requests for resources. By changing the case of a file extension, the server may fail to interpret the script and instead serve it as a normal web resource.

This issue exists for Sun ONE Application Server 7.0 on Microsoft Windows platforms. Previous versions may also be affected. 

GET /[script].JSP HTTP/1.0

where [script] is the name of a script hosted by the server.

Navigation

Suggest Exploit

Services By CQR