CVE-2005-1112

IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages .jsp via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the...

CVE-2005-0425

Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages .jsp via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine...

CVE-2005-1112

IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages .jsp via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the...

CVE-2005-0425

Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages .jsp via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine...

[SA14274] IBM WebSphere Application Server JSP Source Code Disclosure

TITLE: IBM WebSphere Application Server JSP Source Code Disclosure SECUNIA ADVISORY ID: SA14274 VERIFY ADVISORY: http://secunia.com/advisories/14274/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: IBM WebSphere Application Server 6.x...

IBM WebSphere Java Server Pages (JSP) source code leak

No description provided...

Integrigy Security Alert - Oracle E-Business Suite AOL/J Setup Test Information Disclosure

Integrigy Security Alert Oracle E-Business Suite AOL/J Setup Test Information Disclosure July 23, 2003 Summary: The Oracle Applications AOL/J Setup Test Suite, used to trouble-shoot the Self-Service framework, can be exploited to remotely retrieve sensitive configuration and host information...

CVE-2002-1822

IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the path to the web root directory and other sensitive information, which is leaked in an error mesage when a request is made for a non-existent Java Server Page JSP...

CVE-2002-2007

The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages JSP in the 1 test/jsp, 2 samples/jsp and 3 examples/jsp directories, or the 4...

CVE-2002-2347

Cross-site scripting XSS vulnerability in Oracle Java Server Page OJSP demo files 1 hellouser.jsp, 2 welcomeuser.jsp and 3 usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field...

CVE-2002-0937

The Java Server Pages JSP engine in JRun allows web page owners to cause a denial of service engine crash on the web server via a JSP page that calls WPrinterJob.pageSetupnull,null...

CVE-2002-0936

The Java Server Pages JSP engine in Tomcat allows web page owners to cause a denial of service engine crash on the web server via a JSP page that calls WPrinterJob.pageSetupnull,null...

CVE-2002-0936

The Java Server Pages JSP engine in Tomcat allows web page owners to cause a denial of service engine crash on the web server via a JSP page that calls WPrinterJob.pageSetupnull,null...

CVE-2002-0937

The Java Server Pages JSP engine in JRun allows web page owners to cause a denial of service engine crash on the web server via a JSP page that calls WPrinterJob.pageSetupnull,null...

vqServer 1.9.x - CGI Demo Program Script Injection

vqServer 1.9.x - CGI Demo Program Script Injection source: https://www.securityfocus.com/bid/4573/info vqServer is a HTTP server implemented in Java. vqServer is available on any architecture supporting Java, including Linux and Microsoft Windows. Reportedly, numerous default CGI scripts included...

JRun SSI Request Body Parsing

Vulnerable Products: JRun Java application server from Allaire. All current versions with latest security patches as of November 2001 are believed to be affected, including 2.3.3, 3.0, and 3.1. Impact: Revealing of source code to Java Server Pages, and other protected files inside the web root...

CVE-2001-0926

SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages .jsp and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an include statement...

Jakarta Tomcat 3.x4.0 - Error Message Information Disclosure

Jakarta Tomcat 3.x4.0 - Error Message Information Disclosure source: https://www.securityfocus.com/bid/3199/info When a malformed request is made for a Java Server Page the server displays an error page. The error page contains potentially sensitive information, along with the absolute path of th...

CVE-2000-0146

The CVE-2000-0146 issue affects the Java Server in Novell GroupWise Web Access Enhancement Pack. A remote attacker can cause a denial of service by sending an excessively long URL to the servlet, leading to availability impact. Connected sources corroborate a URL-length-based DoS vector (e.g., lo...

BEA WebLogic JSP showcode vulnerability

Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory BEA's WebLogic ---------------------------------------------------------------------- FS Advisory ID: FS-061200-2-BEA Release Date: June 12, 2000 Product: WebLogic Vendor: BEA Systems http://www.beasys.com...