High severity7.5NVD Advisory· Published Jun 30, 2003· Updated Apr 16, 2026

CVE-2003-0411

Description

Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.

Affected products

Oracle Corporation/Sun One Application Server
cpe:2.3:a:oracle:sun_one_application_server:7.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sunsolve.sun.com/pub-cgi/retrieve.plnvdBroken LinkPatchVendor Advisory
www.ciac.org/ciac/bulletins/n-103.shtmlnvdBroken LinkPatchVendor Advisory
www.iss.net/security_center/static/12093.phpnvdBroken LinkPatchVendor Advisory
marc.infonvdExploitMailing List
www.securityfocus.com/bid/7709nvdBroken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory
sunsolve.sun.com/search/document.donvdBroken Link
www.spidynamics.com/sunone_alert.htmlnvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.006
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000