Unrated severityNVD Advisory· Published Jul 28, 2006· Updated Apr 16, 2026
CVE-2006-3921
CVE-2006-3921
Description
Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI.
Affected products
25cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:*:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:*:platform:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:*:standard:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:ur1:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:ur1:standard:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:ur2:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:ur2:platform:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:ur2:standard:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:ur4:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:ur5:platform:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:ur5:standard:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:ur6:platform:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:ur6:standard:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:8.1:*:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:8.1:*:platform:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:8.1:ur1:platform:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp4:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp5:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- securitytracker.com/idnvdPatch
- securitytracker.com/idnvdPatch
- sunsolve.sun.com/search/document.donvdPatch
- www.securityfocus.com/bid/19200nvdPatch
- secunia.com/advisories/21251nvd
- secunia.com/advisories/22425nvd
- support.avaya.com/elmodocs2/security/ASA-2006-204.htmnvd
- www.vupen.com/english/advisories/2006/3020nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/28061nvd
News mentions
0No linked articles in our index yet.