[Japanese]

JVNDB-2009-002069

Oracle iPlanet Web Server information disclosure vulnerability

Overview

Oracle iPlanet Web Server (formerly Sun Java System Web Server) contains an information disclosure vulnerability.

Oracle iPlanet Web Server (formerly Sun Java System Web Server) is a web server. Oracle iPlanet Web Server contains an information disclosure vulnerability.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


Oracle Corporation
  • Oracle iPlanet Web Server prior to 6.1 SP12

Impact

A remote attacker may obtain source code.
Solution

[Upgrade the Software]
Update to the latest version according to information provided by the vendor.
Vendor Information

Oracle Corporation
CWE (What is CWE?)

  1. Information Exposure(CWE-200) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2009-2445
References

  1. JVN : JVN#47124169
  2. National Vulnerability Database (NVD) : CVE-2009-2445
  3. Secunia Advisory : SA35701
  4. SecurityFocus : 35577
  5. SecurityTracker : 1022511
  6. OPEN SOURCE VULNERABILITY DATABASE (OSVDB) : 55655
Revision History

  • [2009/10/06]
      Web page published
    [2011/07/25]
      According to JVN#47124169, Subject, Overview, Affected Products, Impact, Solution, and Vendor Information updated. CVSS and CWE changed into IPA Evaluation.