Lucene search
K

240 matches found

EUVD
EUVD
added 2004/03/18 5:0 a.m.7 views

EUVD-2004-0281

Caucho Technology Resin 2.1.12 allows remote attackers to gain sensitive information and view the contents of the /WEB-INF/ directory via an HTTP request for "WEB-INF..", which is equivalent to "WEB-INF" in Windows...

5CVSS6.5AI score0.042EPSS
Exploits1References3
NVD
NVD
added 2002/12/31 5:0 a.m.15 views

CVE-2002-1859

Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot "WEB-INF."...

5CVSS6.6AI score0.02519EPSS
Exploits0References4
NVD
NVD
added 2002/12/31 5:0 a.m.17 views

CVE-2002-1857

jo! jo Webserver 1.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot "WEB-INF."...

5CVSS6.6AI score0.02119EPSS
Exploits0References4
NVD
NVD
added 2002/12/31 5:0 a.m.17 views

CVE-2002-1860

Pramati Server 3.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot "WEB-INF."...

5CVSS6.6AI score0.02119EPSS
Exploits0References4
NVD
NVD
added 2002/12/31 5:0 a.m.21 views

CVE-2002-1856

HP Application Server 8.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot "WEB-INF."...

5CVSS6.6AI score0.03709EPSS
Exploits0References4
NVD
NVD
added 2002/12/31 5:0 a.m.24 views

CVE-2002-1858

Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot "WEB-INF."...

5CVSS6.3AI score0.04534EPSS
Exploits0References5
NVD
NVD
added 2002/12/31 5:0 a.m.36 views

CVE-2002-1855

Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot "WEB-INF."...

5CVSS6.6AI score0.02178EPSS
Exploits0References5
NVD
NVD
added 2002/12/31 5:0 a.m.25 views

CVE-2002-1861

Sybase Enterprise Application Server 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot "WEB-INF."...

5CVSS6.6AI score0.02119EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2002/07/01 12:0 a.m.787 views

Multiple Server Crafted Request WEB-INF Directory Information Disclosure

By making a specially-formatted request to the remote web server, it is possible to retrieve files located under the 'WEB-INF' directory. Note that this vulnerability is known to affect the Win32 versions of multiple J2EE servlet containers / application servers. %NASLMINLEVEL 70300 This script w...

5CVSS7.3AI score0.04534EPSS
Exploits0References7
NVD
NVD
added 2001/06/18 4:0 a.m.18 views

CVE-2001-0404

Directory traversal vulnerability in JavaServer Web Dev Kit JSWDK 1.0.1 allows remote attackers to read arbitrary files via a .. dot dot in an HTTP request to the WEB-INF directory...

5CVSS6.7AI score0.01625EPSS
Exploits0References1
CVE
CVE
added 2001/05/24 4:0 a.m.50 views

CVE-2001-0404

Vulnerability: Directory traversal in JavaServer Web Dev Kit (JSWDK) 1.0.1 allows remote read of arbitrary files via a .. sequence in an HTTP request targeting the WEB-INF directory. Affected product/component: JSWDK 1.0.1. Root cause: improper path handling enabling traversal to WEB-INF. Impact:...

5CVSS7.5AI score0.01625EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2001/05/07 4:0 a.m.49 views

CVE-2001-0179

Allaire JRun 3.0 is affected by an information-disclosure vulnerability where remote attackers can list the contents of WEB-INF and the web.xml in WEB-INF via a malformed URL containing a dot. This is described in the CVE record and corroborated by OpenVAS information-disclosure entries referenci...

5CVSS6.6AI score0.01309EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2001/05/07 4:0 a.m.28 views

CVE-2001-0179

Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "."...

6.5AI score0.01309EPSS
Exploits0References2
securityvulns
securityvulns
added 2001/01/26 12:0 a.m.33 views

Дырка в JRUN (WEB-INF reading)

Можно получить содержимое каталога WEB-INF и доступ к отдельным файлам...

0.6AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2001/01/26 12:0 a.m.47 views

Security Bulletin (ASB01-02) JRun 3.0

Allaire posted the following security bulletin to their site recently. The online version can be found at: http://www.allaire.com/handlers/index.cfm?ID=19546&Method=Full ------------------------------------ Allaire Security Bulletin ASB01-02 JRun 3.0: Patch available for JRun malformed URI WEB-IN...

0.5AI score
Exploits0
Cvelist
Cvelist
added 2001/01/22 5:0 a.m.26 views

CVE-2000-1050

Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request aka the "extra leading slash"...

7.4AI score0.08179EPSS
Exploits0References4
NVD
NVD
added 2000/12/11 5:0 a.m.19 views

CVE-2000-1050

Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request aka the "extra leading slash"...

5CVSS6.4AI score0.08179EPSS
Exploits0References4
securityvulns
securityvulns
added 2000/10/24 12:0 a.m.46 views

Allaire's JRUN Unauthenticated Access to WEB-INF directory

Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory Allaire's JRUN ---------------------------------------------------------------------- FS Advisory ID: FS-102300-12-JRUN Release Date: October 23, 2000 Product: JRun 3.0 Vendor: Allaire Inc...

Exploits0
Exploit DB
Exploit DB
added 2000/10/23 12:0 a.m.38 views

Allaire JRun 3 - Directory Disclosure

source: https://www.securityfocus.com/bid/1830/info Allaire JRun is a web application development suite with JSP and Java Servlets. Each web application directory contains a WEB-INF directory, this directory contains information on web application classes, pre-compiled JSP files, server side...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2000/10/23 12:0 a.m.8 views

Allaire JRun 3 - Directory Disclosure

Allaire JRun 3 - Directory Disclosure source: https://www.securityfocus.com/bid/1830/info Allaire JRun is a web application development suite with JSP and Java Servlets. Each web application directory contains a WEB-INF directory, this directory contains information on web application classes,...

7.4AI score
Exploits0
Rows per page
Query Builder