332 matches found
CVE-1999-0922
CVE-1999-0922 concerns ColdFusion Server 4.0, where remote attackers can view source code via the sourcewindow.cfm file. The NVD CVSSv2 base score is 5.0 (Medium) with vector AV:N/AC:L/Au:N/C:P/I:N/A:N, indicating a network-accessible issue with low exploit complexity and partial confidentiality ...
CVE-1999-0922
An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file...
Re: Tomcat may reveal script source code by URL trickery
There is another way to get the source from a jsp page using Tomcat. If you don't write HTTP/1.0 or HTTP/1.1 in the end of the GET request, you will get the source code and not the jsp processed. In other words, use Apache + Tomcat if you intend to protect your source code. telnet maq106 8080...
CVE-1999-0922
An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file...
CVE-2000-1090
Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character...
CVE-2000-1090
Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character...
CVE-2000-0498
Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case...
CVE-2001-1385
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts...
CVE-2000-1114
Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20"...
CSA-200012.txt
CHINANSL Security AdvisoryCSA-200012 Topic: Ultraseek Server 3.0 Vulnerability Release Date£º Dec 6, 2000 Affected system: ============ Ultraseek Server 3.0 ¡¡¡¡- SunOS Impact: ====== CHINANLS security team has found a security problem in Ultraseek Server 3.0 . Exploitation of this vulnerability,...
Inktomi Search Software 3.0 - Source Disclosure
source: https://www.securityfocus.com/bid/2061/info A vulnerability exists in version 3.0 of Ultrseek server aka Inktomi Search. Due to a failure to properly validate user-supplied input, URLs submitted by a remote user of the form: http://target:8765/somefile.html/ will return the source to...
CVE-2000-1052
The CVE-2000-1052 entry concerns Allaire JRun 2.3 server. Affected component: SSIFilter servlet. Root cause: remote attackers can directly invoke the SSIFilter servlet to obtain source code for executable content, leading to partial confidentiality impact. The public description states exposure o...
CVE-2000-0682
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet...
CVE-2000-0778
IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability...
CVE-2000-0683
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /.shtml/ into the URL, which invokes the SSIServlet...
CVE-2000-0497
IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case...
CVE-2000-0778
IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability...
CVE-2000-0500
The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing...
CVE-2000-0499
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case...
CVE-2000-0652
IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string...