63 matches found
Default configuration
The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 does not properly restrict access to files in the META-INF directory, which allows remote attackers to obtain sensitive information via a direct request. NOTE: this issue was SPLIT from...
Grails resources plug-in WEB-INF / META-INF File Disclosure
The remote web server uses a version of Grails, an open source web application framework for JVM, that is affected by an information disclosure vulnerability. Specifically, its 'resources' plug-in fails to restrict access to resources located under an application's 'WEB-INF' and 'META-INF'...
Code injection
The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server WAS 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in 1 web-inf, 2 meta-inf, and unspecified other...