Unrated severityNVD Advisory· Published Jul 28, 2006· Updated Jun 16, 2026
CVE-2006-3921
CVE-2006-3921
Description
Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
27cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*+ 18 more
- cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:*:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:*:platform:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:*:standard:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:ur1:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:ur1:standard:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:ur2:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:ur2:platform:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:ur2:standard:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:ur4:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:ur5:platform:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:ur5:standard:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:ur6:platform:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:ur6:standard:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:8.1:*:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:8.1:*:platform:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:8.1:ur1:platform:*:*:*:*:*
- (no CPE)range: 7 to 8.1
cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp4:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp5:*:*:*:*:*:*
- (no CPE)range: 6.0, 6.1
Patches
Vulnerability mechanics
References
9- securitytracker.com/idnvdPatch
- securitytracker.com/idnvdPatch
- sunsolve.sun.com/search/document.donvdPatch
- www.securityfocus.com/bid/19200nvdPatch
- secunia.com/advisories/21251nvd
- secunia.com/advisories/22425nvd
- support.avaya.com/elmodocs2/security/ASA-2006-204.htmnvd
- www.vupen.com/english/advisories/2006/3020nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/28061nvd
News mentions
0No linked articles in our index yet.