HTTP: Sun Java System Web Server JSP Source Code Disclosure
This signature detects attempts to exploit a known vulnerability in the Sun Java System Web Server. A successful attack can lead to unauthorized source code disclosure.
Extended Description
Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI.
Affected Products
Sun java_system_web_server
Short Name
HTTP:JAVA-JSP-SRC-CODE-DISC
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2009-2445 Code Disclosure JSP Java Server Source Sun System Web bid:35577
Release Date
06/11/2013
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Sun
CVSS Score
5.0