CVE-2003-0411 - OpenCVE

Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows Xp Windows 2000
Oracle	Sun One Application Server

Configuration 1 [-]

AND

cpe:2.3:a:oracle:sun_one_application_server:7.0:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_2000:-:::::::*
	cpe:2.3:o:microsoft:windows_xp:-:::::::*

References

Link	Resource
http://marc.info/?l=bugtraq&m=105409846029475&w=2	Exploit Mailing List
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity	Broken Link Patch Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1	Broken Link
http://www.ciac.org/ciac/bulletins/n-103.shtml	Broken Link Patch Vendor Advisory
http://www.iss.net/security_center/static/12093.php	Broken Link Patch Vendor Advisory
http://www.securityfocus.com/bid/7709	Broken Link Exploit Patch Third Party Advisory VDB Entry Vendor Advisory
http://www.spidynamics.com/sunone_alert.html	Broken Link

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2003-06-11T04:00:00

Updated: 2016-10-17T13:57:01

Reserved: 2003-06-10T00:00:00

Link: CVE-2003-0411

JSON object: View

NVD Information

Status : Analyzed

Published: 2003-06-30T04:00:00.000

Modified: 2024-02-02T02:18:03.430

Link: CVE-2003-0411

JSON object: View

Redhat Information

No data.

CWE

CWE-178

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-05-26T00:00:00", "descriptions": [{"lang": "en", "value": "Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase \".JSP\" extension instead of the lowercase .jsp extension."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.spidynamics.com/sunone_alert.html"}, {"name": "sunone-jsp-source-disclosure(12093)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/12093.php"}, {"name": "55221", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity"}, {"name": "N-103", "tags": ["third-party-advisory", "government-resource", "x_refsource_CIAC"], "url": "http://www.ciac.org/ciac/bulletins/n-103.shtml"}, {"name": "20030526 Multiple Vulnerabilities in Sun-One Application Server", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=105409846029475&w=2"}, {"name": "7709", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/7709"}, {"name": "1000610", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0411", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase \".JSP\" extension instead of the lowercase .jsp extension."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.spidynamics.com/sunone_alert.html", "refsource": "MISC", "url": "http://www.spidynamics.com/sunone_alert.html"}, {"name": "sunone-jsp-source-disclosure(12093)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/12093.php"}, {"name": "55221", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity"}, {"name": "N-103", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/n-103.shtml"}, {"name": "20030526 Multiple Vulnerabilities in Sun-One Application Server", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=105409846029475&w=2"}, {"name": "7709", "refsource": "BID", "url": "http://www.securityfocus.com/bid/7709"}, {"name": "1000610", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0411", "datePublished": "2003-06-11T04:00:00", "dateReserved": "2003-06-10T00:00:00", "dateUpdated": "2016-10-17T13:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:sun_one_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "7514FCF4-3C0C-49F4-929E-A5EF62AD8FE2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*", "matchCriteriaId": "685F1981-EA61-4A00-89F8-A748A88962F8", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*", "matchCriteriaId": "B47EBFCC-1828-45AB-BC6D-FB980929A81A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase \".JSP\" extension instead of the lowercase .jsp extension."}, {"lang": "es", "value": "Sun ONE Application Server 7.0 para Windows 2000/XP permite atacantes remotos obtener c\u00f3digo fuente JSP mediante una petici\u00f3n que usa la extens\u00edon \".JSP\", con letras may\u00fasculas, en lugar de \".jsp\", en min\u00fasculas."}], "id": "CVE-2003-0411", "lastModified": "2024-02-02T02:18:03.430", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2003-06-30T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List"], "url": "http://marc.info/?l=bugtraq&m=105409846029475&w=2"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Patch", "Vendor Advisory"], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Patch", "Vendor Advisory"], "url": "http://www.ciac.org/ciac/bulletins/n-103.shtml"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Patch", "Vendor Advisory"], "url": "http://www.iss.net/security_center/static/12093.php"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Exploit", "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/7709"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.spidynamics.com/sunone_alert.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-178"}], "source": "nvd@nist.gov", "type": "Primary"}]}