9841 matches found
CVE-2005-1112
IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the...
Oracle Application Server J2EE Container Detection
Binary data 2831.prm...
IBM WebSphere application server information leak
It's possible to obtain JSP page source code by requesting a non-existent virtual host...
Oracle Application Server 10g Detection
Binary data 2830.prm...
IBM WebSphere Application Server Malformed Host Header JSP Source Disclosure
It is possible to make the remote web server disclose the source code of its JSP pages by requesting the pages with a nonexistent hostname in the HTTP 'Host' header request when WebSphere Application is sharing the document root of the web server. An attacker may use this flaw to get the source...
IBM Websphere 5.0/5.1/6.0 - Application Server Web Server Root JSP Source Code Disclosure
IBM Websphere 5.0/5.1/6.0 - Application Server Web Server Root JSP Source Code Disclosure source: https://www.securityfocus.com/bid/13160/info A remote JSP source disclosure vulnerability reportedly affects the IBM WebSphere Application Server. This issue is due to a failure of the application to...
IBM Websphere 5.0/5.1/6.0 - Application Server Web Server Root JSP Source Code Disclosure
source: https://www.securityfocus.com/bid/13160/info A remote JSP source disclosure vulnerability reportedly affects the IBM WebSphere Application Server. This issue is due to a failure of the application to properly handle various requests under certain circumstances. It should be noted that thi...
Macromedia Coldfusion MX application server information leak
Compiled Java pages are stored in the Web-accessible directory...
CVE-2002-1637
Oracle 9i Application Server (9iAS) is affected by CVE-2002-1637 due to default credentials configured across multiple components. Over 160 usernames/passwords are present (e.g., SYS, SYSTEM, AQJAVA, OWA, IMAGEUSER, USER1, USER2, PLSQL, DEMO, FINANCE), which can allow privilege escalation for att...
CVE-2002-1635
The CVE-2002-1635 entry concerns Oracle 9i Application Server (9iAS) where the Apache httpd.conf uses a Location alias for /perl instead of a ScriptAlias. This misconfiguration enables a remote attacker to read the source code of arbitrary CGI files via a URL that targets /perl rather than /cgi-b...
EUVD-2002-1622
Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors...
CVE-2002-1630
The CVE-2002-1630 entry affects Oracle 9i Application Server (9iAS). The vulnerability is in the sendmail.jsp sample page, described as allowing remote attackers to send arbitrary emails. Public details in the provided documents confirm the affected component is the sendmail.jsp page, but there i...
CVE-2002-1632
CVE-2002-1632 is documented in multiple security feeds as an information disclosure flaw in Oracle 9i Application Server (9iAS). The affected component is the 9iAS sample pages, which can leak environment variables and other sensitive information through the pages named info.jsp, printenv, echo, ...
[SA14677] Sun Java System Application Server Cross-Site Scripting
TITLE: Sun Java System Application Server Cross-Site Scriptin...
Sun Java System Application Server cross-site scripting
No description provided...
Spinworks Application Server 3.0 - Remote Denial of Service
Spinworks Application Server 3.0 - Remote Denial of Service source: https://www.securityfocus.com/bid/12794/info A remote denial of service vulnerability affects Spinworks Application Server. This issue is due to a failure of the application to properly handle malformed requests. An attacker may...
Spinworks Application Server 3.0 - Remote Denial of Service
source: https://www.securityfocus.com/bid/12794/info A remote denial of service vulnerability affects Spinworks Application Server. This issue is due to a failure of the application to properly handle malformed requests. An attacker may leverage this issue to trigger a denial of service condition...
[SA14579] Spinworks Application Server Web Server Denial of Service
CVE-2005-0742
CVE-2005-0742 describes a cross-site scripting (XSS) vulnerability in Sun Java System Application Server 7. The issue allows remote attackers to inject arbitrary web script or HTML via unknown vectors, potentially affecting the integrity of user data. The cited NVD metrics indicate a low to mediu...
[SA14274] IBM WebSphere Application Server JSP Source Code Disclosure
TITLE: IBM WebSphere Application Server JSP Source Code Disclosure SECUNIA ADVISORY ID: SA14274 VERIFY ADVISORY: http://secunia.com/advisories/14274/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: IBM WebSphere Application Server 6.x...