CVE-2008-2120

Published: May 9, 2008Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors.

Affected (3)

Products: Sun: Java System Application Server, Java System Web Server

Sun

2 products

Java System Application Server

Java System Web Server

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Sun Java System Application Server	Up to 7.0
Sun Java System Web Server	Up to 6.1
Sun Java System Web Server	Version 7.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (14)

http://secunia.com/advisories/30122

Source: cve@mitre.org

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-201255-1

Source: cve@mitre.org

Patch

http://www.securityfocus.com/bid/29088

Source: cve@mitre.org

Patch

http://www.securitytracker.com/id?1019985

Source: cve@mitre.org

http://www.securitytracker.com/id?1019986

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/1457/references

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/42266

Source: cve@mitre.org

http://secunia.com/advisories/30122