CVE-2003-0411
published 2003-06-30
CVE-2003-0411: Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension…
Priority: P3 39 high | CVSS 3.1: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 27.07% (97.8th percentile)
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | sun_one_application_server | — | — |
CVSS provenance
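| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |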
CWE-435: Improper Interaction Between Multiple Correctly-Behaving Entities
mitre_cwe · CVSS 7.5 [HIGH]
An interaction error occurs when two entities have correct behavior when running independently of each other, but when they are integrated as components in a larger system or process, they introduce incorrect behaviors that may cause resultant weaknesses.
When a system or process combines multiple independent components, this often produces new, emergent behaviors at the system level. However, if the interactions between these components are not fully accounted for, some of the emergent behaviors can be incorrect or even insecure.
Modes of Introduction:
Phase: Architecture and Design
Phase: Implementation
Phase: Operation
Common Consequences:
Scope: Integrity. Impact: Unexpected State, Varies by Context.
Exampl
CWE-178: Improper Handling of Case Sensitivity
mitre_cwe
The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.
Improperly handled case-sensitive data can lead to several possible consequences, including: case-insensitive passwords reducing the size of the key space, making brute force attacks easier; bypassing filters or access controls using alternate names; multiple interpretation errors using alternate names.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Access Control. Impact: Bypass Protection Mechanism.
Potential Mitigations:
[Architecture and Design] Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate n
CWE-439: Behavioral Change in New Version or Environment
mitre_cwe · CVSS 2.1 · CVE-2002-1976 [LOW]
A's behavior or functionality changes with a new version of A, or a new environment, which is not known (or manageable) by B.
Modes of Introduction:
Phase: Architecture and Design
Phase: Implementation
Common Consequences:
Scope: Other. Impact: Quality Degradation, Varies by Context.
Observed Examples:
CVE-2002-1976: Linux kernel 2.2 and above allow promiscuous mode using a different method than previous versions, and ifconfig is not aware of the new method (alternate path property).
CVE-2005-1711: Product uses defunct method from another product that does not return an error code and allows detection avoidance.
CVE-2003-0411: chain: Code was ported from a case-sensitive Unix platform to a case-insensitive Windows platform where
http://marc.info/?l=bugtraq&m=105409846029475&w=2
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1
http://www.ciac.org/ciac/bulletins/n-103.shtml
http://www.iss.net/security_center/static/12093.php
http://www.securityfocus.com/bid/7709
http://www.spidynamics.com/sunone_alert.html
Published: 2003-06-30