
332 matches found

NVD
added 2002/08/24 4:00 a.m. | 16 views

CVE-2002-1451

Blazix before 1.2.2 allows remote attackers to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a (1) "+" or (2) "\" (backslash) character...

CVSS 5 | AI score 6.8 | EPSS 0.08282
Exploits 1 | References 4
NVD
added 2002/08/12 4:00 a.m. | 11 views

CVE-2002-0737

Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character...

CVSS 6.4 | AI score 6.9 | EPSS 0.0892
Exploits 1 | References 6
securityvulns
added 2002/05/03 12:00 a.m. | 41 views

KPMG-2002016: Bea Weblogic incorrect URL parsing issues

Title: Bea Weblogic incorrect URL parsing issues
BUG-ID: 2002016
Released: 30th Apr 2002
Problem: The Bea Weblogic server incorrectly parses certain...

AI score 0.6
Exploits 0
securityvulns
added 2002/04/17 12:00 a.m. | 38 views

[NT] Sambar Webserver Serverside Fileparse Bypass

AI score 7.1
Exploits 0
Cvelist
added 2002/03/15 5:00 a.m. | 21 views

CVE-2001-1140

BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 null byte to the request...

AI score 6.8 | EPSS 0.02302
Exploits 0 | References 3
NVD
added 2002/02/13 5:00 a.m. | 24 views

CVE-2002-1603

GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed...

CVSS 5 | AI score 6.4 | EPSS 0.13671
Exploits 1 | References 13
Cvelist
added 2002/02/02 5:00 a.m. | 26 views

CVE-2001-0926

SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an include statement...

AI score 6.8 | EPSS 0.02469
Exploits 0 | References 4
securityvulns
added 2001/12/20 12:00 a.m. | 43 views

IRM Security Advisory 002: Netware Web Server Source Disclosure

IRM Security Advisory No. 002 Netware Web Server 5.1 Sample Page Source Disclosure Vulnerability Type / Importance: Information Leakage / High Problem discovered: November 18th 2001...

CVSS 5 | AI score 6.5 | EPSS 0.06153
Exploits 0
securityvulns
added 2001/11/29 12:00 a.m. | 36 views

JRun SSI Request Body Parsing

Vulnerable Products: JRun Java application server from Allaire. All current versions with latest security patches as of November 2001 are believed to be affected, including 2.3.3, 3.0, and 3.1. Impact: Revealing of source code to Java Server Pages, and other protected files inside the web root...

AI score 7.8
Exploits 0
securityvulns
added 2001/11/09 12:00 a.m. | 32 views

IBM AS/400 HTTP Server '/' attack

IBM's HTTP Server on the AS/400 platform is vulnerable to an attack that will show the source code of the page -- such as an .html or .jsp page -- by attaching a '/' to the end of a URL. Compare these two URLs: http://www.foo.com/getsource.jsp http://www.foo.com/getsource.jsp/ The latter URL wil...

AI score 0.6
Exploits 0
NVD
added 2001/10/18 4:00 a.m. | 23 views

CVE-2001-0795

Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as (1) upper case letters or (2) 8.3 file names...

CVSS 7.5 | AI score 7.6 | EPSS 0.02038
Exploits 1 | References 2
CVE
added 2001/10/12 4:00 a.m. | 41 views

CVE-2001-0795

Perception LiteServe 1.25 is affected by CVE-2001-0795. Remote attackers can obtain the source code of CGI scripts by requesting URLs that contain MS‑DOS conventions, such as uppercase letters or 8.3 file names. The PT-2001-1972 advisory notes a vulnerability in Perception LiteServe 1.25 and prov...

CVSS 7.5 | AI score 7.2 | EPSS 0.02038
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2001/09/18 4:00 a.m. | 33 views

CVE-2001-0004

IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability...

AI score 6.8 | EPSS 0.28215
Exploits 0 | References 4
Tenable Nessus
added 2001/08/13 12:00 a.m. | 27 views

OmniHTTPd Encoded Space Request Script Source Disclosure

OmniHTTPd is affected by a vulnerability that permits malicious users to get the full source code of scripting files. By appending an ASCII/Unicode space char '%20' to a script's suffix, the web server will no longer interpret it and instead send it back as a simple document in the same manner as...

CVSS 5 | AI score 5.4 | EPSS 0.06302
Exploits 1 | References 3
NVD
added 2001/08/02 4:00 a.m. | 23 views

CVE-2001-0590

Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0)...

CVSS 5 | AI score 6.7 | EPSS 0.10956
Exploits 1 | References 4
NVD
added 2001/06/18 4:00 a.m. | 16 views

CVE-2001-0399

Caucho Resin 1.3b1 and earlier allows remote attackers to read source code for Javabean files by inserting a .jsp before the WEB-INF specifier in an HTTP request...

CVSS 5 | AI score 6.8 | EPSS 0.0284
Exploits 1 | References 2
NVD
added 2001/06/18 4:00 a.m. | 17 views

CVE-2001-0446

IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL...

CVSS 5 | AI score 6.6 | EPSS 0.01324
Exploits 0 | References 1
exploitpack
added 2001/06/03 12:00 a.m. | 12 views

WebTrends Enterprise Reporting Server 3.1 c3.5 - Source Code Disclosure

Source: https://www.securityfocus.com/bid/2812/info
WebTrends Live is a web-based reporting service which provides interactive tracking of usage statistics and E-commerce revenue. It is possible to view the source code of...

AI score 7.6
Exploits 0
securityvulns
added 2001/05/27 12:00 a.m. | 44 views

Holes in OmniHTTPD (DoS, source disclosure)

Using a specially crafted URL, it is possible to obtain the source code of scripts...

Exploits 0 | References 1
Cvelist
added 2001/05/24 4:00 a.m. | 23 views

CVE-2001-0399

Caucho Resin 1.3b1 and earlier allows remote attackers to read source code for Javabean files by inserting a .jsp before the WEB-INF specifier in an HTTP request...

AI score 6.8 | EPSS 0.0284
Exploits 1 | References 2