Note: This is an archival copy of Security Sun Alert 245446 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019765.1.
Sun Java System Application Server
Date of Resolved Release
A Security Vulnerability in Sun Java System Application Server May Expose an Application's WEB-INF and META-INF Content
A security vulnerability in Sun Java System Application Server may allow a remote unprivileged user to read Web Application configuration files in WEB-INF and META-INF directories.
2. Contributing Factors
This issue can occur in the following releases:
To determine the version of Sun Java System Application Server on a system, the following command can be run:
$ <AS-install>/bin/asadmin -version(Where <AS-install> is the installation directory of the Application Server).
There are no predictable symptoms that would indicate this issue has been exploited.
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This solution has no attachment