CVE-2006-3921

3 documents3 sources

Severity

4.0MEDIUM

EPSS

1.0%

top 23.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Java System Application Server SUN Java System WEB Server

Timeline

PublishedJul 28

Latest updateMay 1

Description

Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶NVDsun/java_system_application_server7.0, 7.1, 8.1+2

▶NVDsun/java_system_web_server6.0, 6.1+1

Patches

Patch: securitytracker.com ↗Patch: securitytracker.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-c9qm-2w7h-fc5j: Sun Java System Application Server (SJSAS) 7 through 8↗2022-05-01

▶

CVEList

CVE-2006-3921: Sun Java System Application Server (SJSAS) 7 through 8↗2006-07-28

▶