CVE-1999-0922
An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file...
CVE-1999-0758
Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL...
CVE-1999-0922
CVE-1999-0922 concerns ColdFusion Server 4.0, where remote attackers can view source code via the sourcewindow.cfm file. The NVD CVSSv2 base score is 5.0 (Medium) with vector AV:N/AC:L/Au:N/C:P/I:N/A:N, indicating a network-accessible issue with low exploit complexity and partial confidentiality ...
CVE-1999-0758
Affected software: Netscape Enterprise 3.5.1 and FastTrack 3.01. Vulnerability: remote attacker can view the source code of scripts by appending a space-encoded %20 to the script URL. Root cause / vector: insufficient handling of trailing spaces in URLs that leads to source disclosure. Impact: ex...
CVE-2000-0302
Microsoft Index Server WebHits ISAPI filter vulnerability (MS00-06) allows remote attackers to disclose ASP source by requesting null.htw with a crafted CiWebHitsFile argument (via %20). Connected OpenVAS entries describe the WebHits component’s information disclosure and path/file reading issues...
CVE-2001-0312
CVE-2001-0312 affects the IBM WebSphere plugin for Netscape Enterprise Server. The issue allows remote attackers to read JSP source code by issuing an HTTP request whose Host header references a host not in WebSphere’s host aliases, bypassing normal processing. The available connected documents p...
CVE-2001-0312
IBM WebSphere plugin for Netscape Enterprise server allows remote attackers to read source code for JSP files via an HTTP request that contains a host header that references a host that is not in WebSphere's host aliases list, which will bypass WebSphere processing...
Re: Tomcat may reveal script source code by URL trickery
There is another way to get the source from a jsp page using Tomcat. If you don't write HTTP/1.0 or HTTP/1.1 at the end of the GET request, you will get the source code and not the jsp processed. In other words, use Apache + Tomcat if you intend to protect your source code. telnet maq106 8080...
Security Advisory(CSA-200110)
Topic: Tomcat 4.0-b2 for winnt/2000 show ".jsp" source Vulnerability. vulnerable: winnt/2000 maybe for other operating system also + Tomcat 4.0-b2 discussion: A security vulnerability has been found in Windows NT/2000 systems that have Tomcat 4.0-b2 installed. The vulnerability allows remote...
BEA WebLogic may reveal script source code by URL trickery
Meta comment ------------ The reported problem seems to have been fixed in recent versions, without me talking to BEA. This may indicate that other people have reported the problem before me (I was unable to find it on Securityfocus' vulnerability database). It may also mean that the problem is...
Tomcat may reveal script source code by URL trickery
Tomcat may reveal script source code by URL trickery ---------------------------------------------------- Sverre H. Huseby advisory 2001-03-29 Systems affected ---------------- Tomcat 4.0-b1 latest milestone and nightly build as of 2001-03-28 tested. Other versions may be vulnerable too. The probl...
Tomcat 3.2.1/4.0 / Weblogic Server 5.1 - URL JSP Request Source Code Disclosure
Tomcat 3.2.1/4.0 / Weblogic Server 5.1 - URL JSP Request Source Code Disclosure source: https://www.securityfocus.com/bid/2527/info BEA Systems WebLogic Server is an enterprise level web and wireless application server. Tomcat can be used together with the Apache web server or a stand alone server f...
Tomcat 3.2.1/4.0 / Weblogic Server 5.1 - URL JSP Request Source Code Disclosure
source: https://www.securityfocus.com/bid/2527/info BEA Systems WebLogic Server is an enterprise level web and wireless application server. Tomcat can be used together with the Apache web server or a stand alone server for Java Servlets and Java Pages. Tomcat ships with a built in web server...
SSHD-1 Logging Vulnerability
Crimelabs, Inc. www.crimelabs.net Security Note Crimelabs Security Note CLABS200101 Title: SSH-1 Brute Force Password Vulnerability Date: 5 February, 2001 Vendors: Any supported by SSH-1 Versions: At least ssh-1.2.27 and 1.2.30 Not Affected: OpenSSH Severity: Medium to High Author: Jose Nazario...
CVE-2000-1090
Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character...
CVE-2000-0868
The CVE-2000-0868 issue affects Apache 1.3.12 on SuSE Linux 6.4 where the default configuration exposes CGI script source code. The vulnerability arises because /cgi-bin/ requests can be rewritten to /cgi-bin-sdb/, which is an Alias of /cgi-bin, enabling remote attackers to disclose source code o...
CVE-2000-0498
Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case...
CVE-2000-0498
The CVE-2000-0498 vulnerability affects Unify eWave ServletExec. A remote attacker could view the source code of a JSP program by requesting a URL that uses the JSP extension in uppercase. Connected sources confirm the affected product and the exact attack vector; PT-2000-1436 notes no informatio...
PHP Security Advisory - Apache Module bugs
Problems ========= 1. PHP supports a configuration mechanism that allows users to configure PHP directives on a per-directory basis. Under Apache, this is usually done using .htaccess files. Due to a bug in the Apache module version of PHP, remote 'malicious users' might be able to create a specia...