65 matches found
NewAtlanta ServletExec/ISAPI 4.1 JSPServlet - Denial of Service
// source: https://www.securityfocus.com/bid/4796/info ServletExec/ISAPI is a plug-in Java Servlet/JSP engine for Microsoft IIS. It runs with IIS on Microsoft Windows NT/2000/XP systems. A denial of service condition occurs when the JSPServlet is sent an overly long request either directly or via...
NewAtlanta ServletExec/ISAPI 4.1 - Full Path Disclosure
source: https://www.securityfocus.com/bid/4793/info ServletExec/ISAPI is a plug-in Java Servlet/JSP engine for Microsoft IIS. It runs with IIS on Microsoft Windows NT/2000/XP systems. ServletExec/ISAPI discloses the absolute path to the webroot directory when sent a specially formatted request...
CVE-2000-0498
Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case...
CVE-2000-0498
The CVE-2000-0498 vulnerability affects Unify eWave ServletExec. A remote attacker could view the source code of a JSP program by requesting a URL that uses the JSP extension in uppercase. Connected sources confirm the affected product and the exact attack vector; PT-2000-1436 notes no informatio...
CVE-2000-1024
eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet, which allows remote attackers to upload files and execute arbitrary commands...
CVE-2000-1024
CVE-2000-1024 concerns eWave ServletExec 3.0C and earlier. The vulnerability arises because the server-side UploadServlet is not properly restricted, allowing an attacker to upload arbitrary files to arbitrary directories, which can lead to remote command execution on the affected host. Multiple ...
CVE-2000-1114
Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20"...
CVE-2000-1114
The CVE-2000-1114 vulnerability affects Unify ServletExec AS v3.0C. A flaw in the HTTP handling allows remote attackers to read JSP source code by sending an HTTP request that ends with certain characters (e.g., ".", "+", or "%20"). This can expose source contents and partial confidentiality leak...
CVE-2000-1114
Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20"...
Unify eWave ServletExec 3.0C UploadServlet Unprivileged File Upload
ServletExec has a servlet called 'UploadServlet' in its server side classes. UploadServlet, when invokable, allows an attacker to upload any file to any directory on the server. The uploaded file may have code that can later be executed on the server, leading to remote command execution...
CVE-2000-1024
eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet, which allows remote attackers to upload files and execute arbitrary commands...
CVE-2000-1025
eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, allows remote attackers to cause a denial of service via a URL that contains the "/servlet/" string, which invokes the ServletExec servlet and causes an exception if the servlet is already running...
CVE-2000-1025
eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, allows remote attackers to cause a denial of service via a URL that contains the "/servlet/" string, which invokes the ServletExec servlet and causes an exception if the servlet is already running...
CVE-2000-1025
CVE-2000-1025 affects eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier. A remote attacker can cause a denial of service by requesting a URL containing the '/servlet/' path, which invokes the ServletExec servlet and triggers an exception if it is already running. Impact: partia...
RESIN ServletExec JSP Source Disclosure Vulnerability(Apache 1.3.6 Win2k))
Resintm serves the fastest servlets and JSP. With Java and JavaScript support, Resin gives web applications the flexibility to choose the right language for the task. Resin's leading XSL XML stylesheet language support encourages separation of content from formatting. Resin provides a fast servle...
RESIN ServletExec JSP Source Disclosure Vulnerability(IIS 5)
Resintm serves the fastest servlets and JSP. With Java and JavaScript support, Resin gives web applications the flexibility to choose the right language for the task. Resin's leading XSL XML stylesheet language support encourages separation of content from formatting. Resin provides a fast servle...
Disclosure of JSP source code with ServletExec AS v3.0c + web instance
Test environment ---------------- NT 4.0 SP6a IIS v4 Sun JDK v1.2.2.006 ServletExec AS v3.0C Vendor status Unify --------------------- Issue reported on October 27th to [email protected] Confirmation on November 2nd that the problem was reproduced Confirmation that the issue was forwarded t...
Unify eWave ServletExec 3 - .JSP Source Disclosure
Unify eWave ServletExec 3 - .JSP Source Disclosure...
Unify eWave ServletExec 3 - .JSP Source Disclosure
source : https://www.securityfocus.com/bid/1970/info Unify eWave ServletExec is a Java/Java Servlet engine plug-in for major web servers such as Microsoft IIS, Apache, Netscape Enterprise Server, etc. ServletExec will return the source code of JSP files when a HTTP request is appended with one of...
Unify eWave ServletExec upload
Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory Unify eWave ServletExec upload ---------------------------------------------------------------------- FS Advisory ID: FS-103100-16-SRVX Release Date: October 31, 2000 Product: Unify eWave ServletExec 3.0C...