247 matches found
CVE-2001-0795
Perception LiteServe 1.25 is affected by CVE-2001-0795. Remote attackers can obtain the source code of CGI scripts by requesting URLs that contain MS‑DOS conventions, such as uppercase letters or 8.3 file names. The PT-2001-1972 advisory notes a vulnerability in Perception LiteServe 1.25 and prov...
CVE-2001-0004
IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability...
OmniHTTPd Encoded Space Request Script Source Disclosure
OmniHTTPd is affected by a vulnerability that permits malicious users to get the full source code of scripting files. By appending an ASCII/Unicode space char '%20' to a script's suffix, the web server will no longer interpret it and instead send it back as a simple document in the same manner as...
CVE-2001-0446
IBM WCS WebSphere Commerce Suite 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL...
WebTrends Enterprise Reporting Server 3.1 c3.5 - Source Code Disclosure
source: https://www.securityfocus.com/bid/2812/info WebTrends Live is a web-based reporting service which provides interactive tracking of usage statistics and E-commerce revenue. It is possible to view the source code of...
CVE-2001-0399
Caucho Resin 1.3b1 and earlier allows remote attackers to read source code for Javabean files by inserting a .jsp before the WEB-INF specifier in an HTTP request...
CVE-1999-0922
CVE-1999-0922 concerns ColdFusion Server 4.0, where remote attackers can view source code via the sourcewindow.cfm file. The NVD CVSSv2 base score is 5.0 (Medium) with vector AV:N/AC:L/Au:N/C:P/I:N/A:N, indicating a network-accessible issue with low exploit complexity and partial confidentiality ...
CVE-1999-0922
An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file...
Re: Tomcat may reveal script source code by URL trickery
There is another way to get the source from a jsp page using Tomcat. If you don't write HTTP/1.0 or HTTP/1.1 in the end of the GET request, you will get the source code and not the jsp processed. In other words, use Apache + Tomcat if you intend to protect your source code. telnet maq106 8080...
CVE-2000-1090
Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character...
CVE-2000-0498
Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case...
CVE-2001-1385
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts...
CSA-200012.txt
CHINANSL Security Advisory CSA-200012 Topic: Ultraseek Server 3.0 Vulnerability Release Date: Dec 6, 2000 Affected system: Ultraseek Server 3.0 - SunOS Impact: CHINANLS security team has found a security problem in Ultraseek Server 3.0. Exploitation of this vulnerability,...
Inktomi Search Software 3.0 - Source Disclosure
source: https://www.securityfocus.com/bid/2061/info A vulnerability exists in version 3.0 of Ultraseek server aka Inktomi Search. Due to a failure to properly validate user-supplied input, URLs submitted by a remote user of the form: http://target:8765/somefile.html/ will return the source to...
CVE-2000-1052
The CVE-2000-1052 entry concerns Allaire JRun 2.3 server. Affected component: SSIFilter servlet. Root cause: remote attackers can directly invoke the SSIFilter servlet to obtain source code for executable content, leading to partial confidentiality impact. The public description states exposure o...
CVE-2000-0778
IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability...
CVE-2000-0499
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case...
CVE-2000-0500
The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing...
CVE-2000-0671
Roxen web server earlier than 2.0.69 allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character %00 to the URL...
CVE-2000-0683
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /.shtml/ into the URL, which invokes the SSIServlet...