Sun Java System Communications Express Remote Configuration File Disclosure
Local Access Required,
Remote / Network Access
Loss of Confidentiality
Sun Java Communications Express contains a flaw that may lead to an information disclosure to a local or remote unprivileged user. The issue is triggered when an unspecified error occurs, which will disclose sensitive information of the Communications Express application configuration files resulting in a loss of confidentiality.
Currently, there are no known workarounds or upgrades to correct this issue. However, Sun Microsystems has released a patch (118540-21 or later) to address this vulnerability.