Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
The version of Apache Tomcat running on the remote host is affected by an information disclosure vulnerability. It is possible to view source code using the default servlet: org.apache.catalina.servlets.DefaultServlet. A remote attacker can exploit this information to mount further attacks. This...
Perception LiteServe 2.0 - CGI Source Disclosure
Perception LiteServe 2.0 - CGI Source Disclosure source: https://www.securityfocus.com/bid/6188/info By constructing a malicious web request, it is possible for a remote attacker to disclose the source code of CGI scripts. Information gained through exploiting this issue may aid an attacker in...
QNX 6.1 TimeCreate weakness
I've found a bug in the QNX-6.1 timer implementation. After creating some number (at least 2) of timers with a 1 ms tick, the system hangs. Please consider the attached source code. The code can be executed by unprivileged users. Pawel Pisarczyk ------------------------ IMMOS - IMMOrtal Systems...
Important: Red Hat Security Advisory: tomcat security update for Stronghold
Updated tomcat packages are now available for Stronghold on Red Hat Linux Advanced Server to close a JSP source code exposure vulnerability. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. A source code...
Apache discloses source code via POST requests to a location with WebDAV and CGI enabled
Overview There is an information leakage in Apache that results from an interaction between WebDAV and CGI. Description Apache version 2.0.42 allows remote attackers to obtain the source code of CGI scripts that are stored in locations for which both CGI and WebDAV are enabled. When a POST reques...
CVE-2002-1148
The default servlet org.apache.catalina.servlets.DefaultServlet in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet...
DEBIAN-CVE-2002-1156
Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled...
Sendmail Trojan Horse Vulnerability
Description Reportedly, the server hosting sendmail, ftp.sendmail.org, was compromised recently. It has been reported that the intruder made modifications to the source code of sendmail to include Trojan Horse code. Downloads of the sendmail source code from ftp.sendmail.org between September 28,...
Sendmail 8.12.6 - Compromised Source Backdoor
source: https://www.securityfocus.com/bid/5921/info Reportedly, the server hosting sendmail, ftp.sendmail.org, was compromised recently. It has been reported that the intruder made modifications to the source code of sendmail to include Trojan Horse code. Downloads of the sendmail source code fro...
[SECURITY] [DSA 169-1] New tomcat packages fix unintended source code disclosure
-------------------------------------------------------------------------- Debian Security Advisory DSA 169-1 [email protected] http://www.debian.org/security/ Martin Schulze October, 4th, 2002 http://www.debian.org/security/faq -...
DSA-170 tomcat4 - source code disclosure
Bulletin has no description...
JSP source code exposure in Tomcat 4.x
Tomcat 4.x JSP source exposure security advisory 1. Summary: Tomcat 4.0.4 and 4.1.10 (probably all other earlier versions also) are vulnerable to source code exposure by using the default servlet org.apache.catalina.servlets.DefaultServlet. 2. Details: Let's say you have a valid URL like...
Apache Tomcat 3/4 - 'DefaultServlet' File Disclosure
source: https://www.securityfocus.com/bid/5786/info The servlet 'org.apache.catalina.servlets.DefaultServlet' is included with Apache Tomcat by default. It is possible to use this servlet to view contents of files within the webroot. This includes JSP source code, which may contain sensitive data...
Apache Tomcat 3/4 - DefaultServlet File Disclosure
Apache Tomcat 3/4 - DefaultServlet File Disclosure source: https://www.securityfocus.com/bid/5786/info The servlet 'org.apache.catalina.servlets.DefaultServlet' is included with Apache Tomcat by default. It is possible to use this servlet to view contents of files within the webroot. This includes...
Jakarta Tomcat serves JSP source code when supplied malformed HTTP request
Overview Tomcat does not adequately validate HTTP requests and may reveal JSP source code if supplied a malformed HTTP request. Description JavaServer Pages (JSP) is a technology that allows for the creation of dynamic web content. The Apache Jakarta Project implementation of JSP is known as Tomcat...
CVE-2000-1204
Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root...
CVE-2000-1204
CVE-2000-1204 affects Apache 1.3.9, 1.3.11 and 1.3.12 via the mod_vhost_alias module. The issue allows remote attackers to obtain the source code of CGI programs if the cgi-bin directory is under the document root. Impact is partial confidentiality; no exploitation details are provided in the con...
CVE-2002-0737
Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character...
Sambar Web Server vulnerable to sourcecode disclosure due to improper parsing of scripts
Overview Sambar Webserver displays script contents instead of interpreting them when the user adds certain characters to the end of the script URL. Description Sambar Webserver is designed to handle CGI requests by interpreting CGI scripts to produce output returned to the client. However, due to...