CVE-2009-2445

N/A Unknown
Published: July 13, 2009 Modified: April 23, 2026
View on NVD

Description

Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://isowarez.de/SunOne_Webserver.txt
Source: cve@mitre.org
Exploit
http://jvn.jp/en/jp/JVN47124169/index.html
Source: cve@mitre.org
http://jvndb.jvn.jp/jvndb/JVNDB-2009-002069
Source: cve@mitre.org
http://secunia.com/advisories/35701
Source: cve@mitre.org
Vendor Advisory
http://securitytracker.com/id?1022511
Source: cve@mitre.org
Exploit
http://sunsolve.sun.com/search/document.do?assetkey=1-26-266429-1
Source: cve@mitre.org
Vendor Advisory
http://www.osvdb.org/55655
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2009/1786
Source: cve@mitre.org
Vendor Advisory
http://isowarez.de/SunOne_Webserver.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
http://jvn.jp/en/jp/JVN47124169/index.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://jvndb.jvn.jp/jvndb/JVNDB-2009-002069
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/35701
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://securitytracker.com/id?1022511
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
http://sunsolve.sun.com/search/document.do?assetkey=1-26-266429-1
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.osvdb.org/55655
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2009/1786
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

16 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.8%
74th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-200

Affected Vendors

sun

Related CVEs

CVE-2026-7041 3.7
CVE-2026-7039 7.8
CVE-2026-7038 3.3
CVE-2026-7037 9.8
CVE-2026-7036 7.3