CVE-2009-0278

Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request.

Date published : 2009-01-26

http://www.securityfocus.com/bid/33397

http://sunsolve.sun.com/search/document.do?assetkey=1-21-119166-35-1