CVE-2006-3921

Published: Jul 28, 2006Modified: Apr 16, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI.

Affected (25)

Products: Sun: Java System Application Server, Java System Web Server

Sun

2 products

Java System Application Server

Java System Web Server

Configuration A

25 vulnerable

Vulnerable Software	Affected Versions
Sun Java System Application Server	Version 7.0
Sun Java System Application Server	Version 7.0
Sun Java System Application Server	Version 7.0
Sun Java System Application Server	Version 7.0
Sun Java System Application Server	Version 7.0 ur1
Sun Java System Application Server	Version 7.0 ur1
Sun Java System Application Server	Version 7.0 ur2
Sun Java System Application Server	Version 7.0 ur2
Sun Java System Application Server	Version 7.0 ur2
Sun Java System Application Server	Version 7.0 ur4
Sun Java System Application Server	Version 7.0 ur5
Sun Java System Application Server	Version 7.0 ur5
Sun Java System Application Server	Version 7.0 ur6
Sun Java System Application Server	Version 7.0 ur6
Sun Java System Application Server	Version 7.1
Sun Java System Application Server	Version 8.1
Sun Java System Application Server	Version 8.1
Sun Java System Application Server	Version 8.1 ur1
Sun Java System Web Server	Version 6.0
Sun Java System Web Server	Version 6.1
Sun Java System Web Server	Version 6.1 sp1
Sun Java System Web Server	Version 6.1 sp2
Sun Java System Web Server	Version 6.1 sp3
Sun Java System Web Server	Version 6.1 sp4
Sun Java System Web Server	Version 6.1 sp5