CVE-2003-0411

Published: Jun 30, 2003Modified: Apr 16, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.

Affected (1)

Products: Oracle: Sun One Application Server

Oracle

1 product

Sun One Application Server

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Oracle Sun One Application Server	Version 7.0

Running on/with	Platform Versions
Microsoft Windows 2000	All versions
Microsoft Windows Xp	All versions

Related CWEs

CWE-178

Improper Handling of Case Sensitivity

The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.

References (14)

http://marc.info/?l=bugtraq&m=105409846029475&w=2

Source: cve@mitre.org

ExploitMailing List

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity

Source: cve@mitre.org

Broken LinkPatchVendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1

Source: cve@mitre.org

Broken Link

http://www.ciac.org/ciac/bulletins/n-103.shtml

Source: cve@mitre.org

Broken LinkPatchVendor Advisory

http://www.iss.net/security_center/static/12093.php

Source: cve@mitre.org

Broken LinkPatchVendor Advisory

http://www.securityfocus.com/bid/7709

Source: cve@mitre.org

Broken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory

http://www.spidynamics.com/sunone_alert.html

Source: cve@mitre.org

Broken Link

http://marc.info/?l=bugtraq&m=105409846029475&w=2