GoAhead script source leak

It's possible to obtain content of .asp or cgi-bin file by adding special characters to filename...

CVE-2003-1408

Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot...

CVE-2003-0424

The CVE-2003-0424 entry affects Apple QuickTime/Darwin Streaming Server prior to 4.1.3f. The vulnerability allows an attacker to disclose script source code by appending encoded characters (%20 space or %2e dot) to an HTTP request for a script (e.g., /view_broadcast.cgi). The issue is a Script So...

Sun ONE Application Server Upper Case Request JSP Source Disclosure

It is possible to make the remote web server disclose the source code of its JSP pages by requesting the pages with a different case ie: filename.JSP instead of filename.jsp. An attacker may use this flaw to get the source code of your CGIs and possibly obtain passwords and other relevant...

Important: Red Hat Security Advisory: tomcat security update for Stronghold

Updated tomcat packages are now available for Stronghold 4.0 to close a second JSP source code exposure vulnerability. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. A source code exposure vulnerability...

CVE-2001-1385

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts...

CVE-2002-0737

Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service resource exhaustion via DOS devices, using a URL that ends with a space and a null character...

Important: Red Hat Security Advisory: apache, openssl, php, tomcat security update for Stronghold

Updated versions of Stronghold 4 cross-platform are available to fix a number of vulnerabilities in OpenSSL, Apache, PHP, and Tomcat. Also included in this update are bug fixes for modproxy and the modauthzldap package. Stronghold 4 cross platform contains a number of open source technologies suc...

CVE-2003-0042

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character...

CVE-2002-1394

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148...

CVE-2002-1744

Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to view source code and determine the existence of arbitrary files via a hex-encoded "%c0%ae%c0%ae" string, which is the Unicode representation for ".." dot dot...

CVE-2002-1635

The Apache configuration file httpd.conf in Oracle 9i Application Server 9iAS uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin...

PT-2002-2467 · Microsoft · Iis

Name of the Vulnerable Software and Affected Versions: Microsoft IIS version 5.0 Description: The issue is related to an off-by-one error in the CodeBrws.asp sample script. This error allows remote attackers to view the source code for files with extensions containing one additional character aft...

Important: Red Hat Security Advisory: tomcat security update for Stronghold

Updated tomcat packages are now available for Stronghold on Red Hat Linux Advanced Server to close a JSP source code exposure vulnerability. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. A source code...

DEBIAN-CVE-2002-1156

Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled...

CVE-2002-1156

Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled...

CVE-2002-1148

The default servlet org.apache.catalina.servlets.DefaultServlet in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet...

CVE-2002-1156

Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled...

JSP source code exposure in Tomcat 4.x

Tomcat 4.x JSP source exposure security advisory 1. Summary Tomcat 4.0.4 and 4.1.10 probably all other earlier versions also are vulnerable to source code exposure by using the default servlet org.apache.catalina.servlets.DefaultServlet. 2. Details: Let say you have valid URL like...

CVE-2000-1204

Vulnerability in the modvhostalias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root...