5327 matches found
IBM AS/400 HTTP Server '/' attack
IBM's HTTP Server on the AS/400 platform is vulnerable to an attack that will show the source code of the page -- such as an .html or .jsp page -- by attaching a '/' to the end of a URL. Compare these two URLs: http://www.foo.com/getsource.jsp and http://www.foo.com/getsource.jsp/ The latter URL wil...
IBM HTTP Server on AS/400 Trailing Slash Source Code Disclosure
IBM's HTTP Server on the AS/400 platform is vulnerable to an attack that will show the source code of the page -- such as a .html or .jsp page -- by attaching a '/' to the end of a URL. This script was written by Felix Huber. Script audit and contributions from Carmichael...
IBM HTTP Server 1.3.x - Source Code Disclosure
IBM HTTP Server 1.3.x - Source Code Disclosure. Source: https://www.securityfocus.com/bid/3518/info Due to an input validation error in IBM HTTP Server for the AS/400, it is possible for a remote attacker to make a specially crafted web request which will display script source code. If a '/' i...
IBM HTTP Server 1.3.x - Source Code Disclosure
Source: https://www.securityfocus.com/bid/3518/info Due to an input validation error in IBM HTTP Server for the AS/400, it is possible for a remote attacker to make a specially crafted web request which will display script source code. If a '/' is appended to the end of a request for an...
CVE-2001-0795
Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as (1) upper case letters or (2) 8.3 file names...
CVE-2001-0778
OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source code via a GET request with the URL-encoded symbol for a space (%20)...
CVE-2001-0795
Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as (1) upper case letters or (2) 8.3 file names...
CVE-2001-0795
Perception LiteServe 1.25 is affected by CVE-2001-0795. Remote attackers can obtain the source code of CGI scripts by requesting URLs that contain MS‑DOS conventions, such as uppercase letters or 8.3 file names. The PT-2001-1972 advisory notes a vulnerability in Perception LiteServe 1.25 and prov...
CVE-2001-0778
Affected software: OmniHTTPd (OmniPro HTTPd) up to 2.08. Vulnerability: remote attackers can disclose source code of scripting files by sending a URL with an encoded space (%20); the flaw is not present for CGI directories (cgibin/cgi-win). Impact: information disclosure of script/source files (c...
results of semi-automatic source code audit
Results of semi-automatic source code audit of a majority of PHP-based open-source projects registered at Freshmeat.net or Sourceforge.net. Release date: 2001-10-02. Authors: atil [email protected], genetics [email protected], yaht@ircnet, Yet Another Hacker Team. --=introduction=-- ph...
CVE-2001-0709
Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode...
CVE-2001-0693
WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view script source code via a filename followed by an encoded space (%20)...
CVE-2001-0004
IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability...
CVE-2001-0004
This CVE concerns IIS 4.0/5.0 where an attacker can cause the server to disclose file contents by sending a crafted GET request that appends %3F+.htr, causing the target file to be parsed as an .HTR ISAPI extension. Impact: unauthenticated remote disclosure of potentially sensitive files within t...
CVE-1999-0154
IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL...
CVE-1999-1540
shell-lock in Cactus Software Shell Lock uses weak encryption (trivial encoding) which allows attackers to easily decrypt and obtain the source code...
CVE-1999-1540
CVE-1999-1540 affects Cactus Software Shell Lock, where weak encryption (trivial encoding) enables local attackers to decrypt and obtain the source code. According to NVD, the baseline impact is Partial confidentiality with no integrity or availability impact, and the exploit is local with low ov...
PGPsdk Key Validity Vulnerability
http://www.pgp.com/support/product-advisories/pgpsdk.asp A vulnerability in PGP's display of key validity has been discovered that could allow an attacker to fool users into thinking that a valid signature was created by what is actually an invalid user ID. If the attacker can obtain a signature ...
CVE-2001-0693
CVE-2001-0693 affects WebTrends HTTP Server 3.1c and 3.5, where a remote attacker can view script source by requesting a filename followed by an encoded space (%20). The underlying issue is an information disclosure vulnerability in the server’s handling of URL paths. The CVSS vector indicates ne...
CVE-2001-0709
Vulnerability summary (CVE-2001-0709): Microsoft IIS 4.0 and earlier, when installed on a FAT partition, is susceptible to remote disclosure of ASP source code. An attacker can obtain the source by requesting a URL encoded with Unicode. The description in the provided documents confirms the expos...