CVE-2006-3231

Unspecified vulnerability in IBM WebSphere Application Server WAS before 6.0.2.11, when fileServingEnabled is true, allows remote attackers to obtain JSP source code and other sensitive information via "URIs with special characters."...

CVE-2006-1093

Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed...

Test both the JSP environment the following security vulnerabilities-vulnerability warning-the black bar safety net

Author: xy7BCT The first test JSP program vulnerabilities, to be exact is a server poor configuration leading to security risks, wrong place hope everyone noted it!!! Previously in some articles on the see on the JSP site storm any files of the original code of the vulnerability, and today finall...

IBM Websphere 5.05.16.0 - Application Server Web Server Root JSP Source Code Disclosure

IBM Websphere 5.05.16.0 - Application Server Web Server Root JSP Source Code Disclosure source: https://www.securityfocus.com/bid/13160/info A remote JSP source disclosure vulnerability reportedly affects the IBM WebSphere Application Server. This issue is due to a failure of the application to...

CVE-2003-0411

Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension...

JBoss.txt

Hi, jboss 3.2.1 with jetty seems to be vulnerable to jsp source code disclosure. Trying to access the ServerInfo.jsp with an suffixed "%00" shows the source code of this JSP. Seems to be a forgotten debug feature :- http://192.168.0.4:8080/web-console/ServerInfo.jsp%00 Sincerely Marc Schoenefeld...

JBoss %00 Request JSP Source Disclosure

It is possible to make the remote web server disclose the source code of its JSP pages by appending a NULL character to the name of the JSP files requested eg, 'foo.jsp%00'. An attacker may use this flaw to get the source code of scripts on the remote host and possibly obtain passwords and other...

JBOSS 3.2.1: JSP source code disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, jboss 3.2.1 with jetty seems to be vulnerable to jsp source code disclosure. Trying to access the ServerInfo.jsp with an suffixed "00" shows the source code of this JSP. Seems to be a forgotten debug feature :-...

CVE-2002-1025

JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed...

CVE-2003-0042

CVE-2003-0042 affects Apache Jakarta Tomcat up to version 3.3.1a when used with JDK 1.3.1 or earlier. The vulnerability lets remote attackers cause directory listings and disclose JSP/source via a URL containing a null character, bypassing index.html or other welcome-file safeguards. Root cause i...

Apache Tomcat 3/4 - 'DefaultServlet' File Disclosure

source: https://www.securityfocus.com/bid/5786/info The servlet 'org.apache.catalina.servlets.DefaultServlet' is included with Apache Tomcat by default. It is possible to use this servlet to view contents of files within the webroot. This includes JSP source code, which may contain sensitive data...

Jakarta Tomcat serves JSP source code when supplied malformed HTTP request

Overview Tomcat does not adequately validate HTTP requests and may reveal JSP source code if supplied a malformed HTTP request. Description JavaServer Pages JSP is a technology that allows for the creation of dynamic web content. The Apache Jakarta Project implementation of JSP is known as Tomcat...

BEA WebLogic Null Byte Request JSP Source Disclosure

BEA WebLogic may be tricked into revealing the source code of JSP scripts by adding an encoded character %00x at the end of the request. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. This script was written by Renaud Deraison and is based on BEAweblogicRevealsourcecode.nasl Script audit an...

Oracle 9iAS creates temporary files when processing JSP requests that are world-readable

Overview Oracle Database Server version 9iAS makes JSP source code publicly available. The source code may be used by attackers to analyze proprietary business logic or uncover Oracle's network configuration, usernames, and/or passwords. Description When Oracle receives a request for JSP file, it...

BEA WebLogic may reveal script source code by URL trickery

Meta comment ------------ The reported problem seems to have been fixed in recent versions, without me talking to BEA. This may indicate that other people have reported the problem before me I was unable to find it on Securityfocus' vulnerability database. It may also mean that the problem is...

Tomcat 3.2.14.0 Weblogic Server 5.1 - URL JSP Request Source Code Disclosure

Tomcat 3.2.14.0 Weblogic Server 5.1 - URL JSP Request Source Code Disclosure source: https://www.securityfocus.com/bid/2527/info BEA Systems WebLogic Server is an enterprise level web and wireless application server. Tomcat can be used together with the Apache web server or a stand alone server f...

Tomcat 3.2.1/4.0 / Weblogic Server 5.1 - URL JSP Request Source Code Disclosure

source: https://www.securityfocus.com/bid/2527/info BEA Systems WebLogic Server is an enterprise level web and wireless application server. Tomcat can be used together with the Apache web server or a stand alone server for Java Servlets and Java Pages. Tomcat ships with a built in web server...

CVE-2000-1114

Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20"...

Disclosure of JSP source code with ServletExec AS v3.0c + web instance

Test environment ---------------- NT 4.0 SP6a IIS v4 Sun JDK v1.2.2.006 ServletExec AS v3.0C Vendor status Unify --------------------- Issue reported on October 27th to [email protected] Confirmation on November 2nd that the problem was reproduced Confirmation that the issue was forwarded t...

Unify eWave ServletExec 3 - .JSP Source Disclosure

source : https://www.securityfocus.com/bid/1970/info Unify eWave ServletExec is a Java/Java Servlet engine plug-in for major web servers such as Microsoft IIS, Apache, Netscape Enterprise Server, etc. ServletExec will return the source code of JSP files when a HTTP request is appended with one of...