134 matches found
CVE-2005-0425
Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages .jsp via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine...
[SA14274] IBM WebSphere Application Server JSP Source Code Disclosure
TITLE: IBM WebSphere Application Server JSP Source Code Disclosure SECUNIA ADVISORY ID: SA14274 VERIFY ADVISORY: http://secunia.com/advisories/14274/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: IBM WebSphere Application Server 6.x...
IBM WebSphere Java Server Pages (JSP) source code leak
No description provided...
Integrigy Security Alert - Oracle E-Business Suite AOL/J Setup Test Information Disclosure
Integrigy Security Alert Oracle E-Business Suite AOL/J Setup Test Information Disclosure July 23, 2003 Summary: The Oracle Applications AOL/J Setup Test Suite, used to trouble-shoot the Self-Service framework, can be exploited to remotely retrieve sensitive configuration and host information...
CVE-2002-2007
The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages JSP in the 1 test/jsp, 2 samples/jsp and 3 examples/jsp directories, or the 4...
CVE-2002-0937
The Java Server Pages JSP engine in JRun allows web page owners to cause a denial of service engine crash on the web server via a JSP page that calls WPrinterJob.pageSetupnull,null...
CVE-2002-0936
The Java Server Pages JSP engine in Tomcat allows web page owners to cause a denial of service engine crash on the web server via a JSP page that calls WPrinterJob.pageSetupnull,null...
CVE-2002-0937
The Java Server Pages JSP engine in JRun allows web page owners to cause a denial of service engine crash on the web server via a JSP page that calls WPrinterJob.pageSetupnull,null...
CVE-2002-0936
The Java Server Pages JSP engine in Tomcat allows web page owners to cause a denial of service engine crash on the web server via a JSP page that calls WPrinterJob.pageSetupnull,null...
JRun SSI Request Body Parsing
Vulnerable Products: JRun Java application server from Allaire. All current versions with latest security patches as of November 2001 are believed to be affected, including 2.3.3, 3.0, and 3.1. Impact: Revealing of source code to Java Server Pages, and other protected files inside the web root...
CVE-2001-0926
SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages .jsp and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an include statement...
BEA WebLogic JSP showcode vulnerability
Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory BEA's WebLogic ---------------------------------------------------------------------- FS Advisory ID: FS-061200-2-BEA Release Date: June 12, 2000 Product: WebLogic Vendor: BEA Systems http://www.beasys.com...
PT-2000-1437 · Bea · Bea Weblogic
Name of the Vulnerable Software and Affected Versions: BEA WebLogic versions 3.1.8 through 4.5.1 Description: The default configuration of the software allows a remote attacker to view the source code of a JSP program. This can be achieved by requesting a URL that provides the JSP extension in...
PT-2000-1435 · Ibm · Ibm Websphere Server
Name of the Vulnerable Software and Affected Versions: IBM WebSphere server version 3.0.2 Description: The issue allows a remote attacker to view the source code of a JSP program. This can be achieved by requesting a URL that provides the JSP extension in upper case. Recommendations: For IBM...