IBM WebSphere Java Server Pages (JSP) source code leak
No description provided...
Integrigy Security Alert - Oracle E-Business Suite AOL/J Setup Test Information Disclosure
Integrigy Security Alert Oracle E-Business Suite AOL/J Setup Test Information Disclosure July 23, 2003 Summary: The Oracle Applications AOL/J Setup Test Suite, used to trouble-shoot the Self-Service framework, can be exploited to remotely retrieve sensitive configuration and host information...
CVE-2002-2347
Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field...
CVE-2002-1822
IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the path to the web root directory and other sensitive information, which is leaked in an error message when a request is made for a non-existent Java Server Page (JSP)...
CVE-2002-2007
The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4)...
CVE-2002-0937
The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null)...
CVE-2002-0936
The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null)...
vqServer 1.9.x - CGI Demo Program Script Injection
vqServer 1.9.x - CGI Demo Program Script Injection source: https://www.securityfocus.com/bid/4573/info vqServer is a HTTP server implemented in Java. vqServer is available on any architecture supporting Java, including Linux and Microsoft Windows. Reportedly, numerous default CGI scripts included...
JRun SSI Request Body Parsing
Vulnerable Products: JRun Java application server from Allaire. All current versions with latest security patches as of November 2001 are believed to be affected, including 2.3.3, 3.0, and 3.1. Impact: Revealing of source code to Java Server Pages, and other protected files inside the web root...
CVE-2001-0926
SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an include statement...
Jakarta Tomcat 3.x/4.0 - Error Message Information Disclosure
Jakarta Tomcat 3.x/4.0 - Error Message Information Disclosure source: https://www.securityfocus.com/bid/3199/info When a malformed request is made for a Java Server Page the server displays an error page. The error page contains potentially sensitive information, along with the absolute path of th...
CVE-2000-0146
The CVE-2000-0146 issue affects the Java Server in Novell GroupWise Web Access Enhancement Pack. A remote attacker can cause a denial of service by sending an excessively long URL to the servlet, leading to availability impact. Connected sources corroborate a URL-length-based DoS vector (e.g., lo...
BEA WebLogic JSP showcode vulnerability
Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory BEA's WebLogic ---------------------------------------------------------------------- FS Advisory ID: FS-061200-2-BEA Release Date: June 12, 2000 Product: WebLogic Vendor: BEA Systems http://www.beasys.com...
PT-2000-1437 · Bea · Bea Weblogic
Name of the Vulnerable Software and Affected Versions: BEA WebLogic versions 3.1.8 through 4.5.1 Description: The default configuration of the software allows a remote attacker to view the source code of a JSP program. This can be achieved by requesting a URL that provides the JSP extension in...
PT-2000-1435 · Ibm · Ibm Websphere Server
Name of the Vulnerable Software and Affected Versions: IBM WebSphere server version 3.0.2 Description: The issue allows a remote attacker to view the source code of a JSP program. This can be achieved by requesting a URL that provides the JSP extension in upper case. Recommendations: For IBM...
CVE-2000-0146
The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet...