iDefense Security Advisory 06.03.08 - Remote exploitation of an information disclosure vulnerability in Sun Microsystems' Java System Active Server Pages allows attackers to obtain sensitive information. The vulnerability exists because password and configuration data are placed within the application server root directory. By requesting specific, sensitive documents, an attacker could obtain the configuration or the password hashes of allowed users. iDefense has confirmed the existence of this vulnerability in version 4.0.2 of Sun Microsystems Inc.'s Java System Active Server Pages. Older versions are suspected to be vulnerable.