Sun Java System Application Server (SJSAS) 7 up to and including 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sun java system application server 7.0 |
||
sun java system application server 8.1 |
||
sun java system web server 6.0 |
||
sun java system application server 7.1 |
||
sun java system web server 6.1 |