86 matches found
CVE-2003-0411
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension...
CVE-2003-0411
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension...
JBoss.txt
Hi, jboss 3.2.1 with jetty seems to be vulnerable to jsp source code disclosure. Trying to access the ServerInfo.jsp with an suffixed "%00" shows the source code of this JSP. Seems to be a forgotten debug feature :- http://192.168.0.4:8080/web-console/ServerInfo.jsp%00 Sincerely Marc Schoenefeld...
JBoss %00 Request JSP Source Disclosure
It is possible to make the remote web server disclose the source code of its JSP pages by appending a NULL character to the name of the JSP files requested eg, 'foo.jsp%00'. An attacker may use this flaw to get the source code of scripts on the remote host and possibly obtain passwords and other...
JBOSS 3.2.1: JSP source code disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, jboss 3.2.1 with jetty seems to be vulnerable to jsp source code disclosure. Trying to access the ServerInfo.jsp with an suffixed "00" shows the source code of this JSP. Seems to be a forgotten debug feature :-...
sunone.txt
Multiple Vulnerabilities in Sun-One Application Server ------------------------------------------------------- Release Date: May 27, 2003 System Affected Sun-ONE Application Server 7.0 for Windows 2000/XP Description During a brief audit of a SunONE Application Server installation on Windows 2000...
Multiple Vulnerabilities in Sun-One Application Server
Multiple Vulnerabilities in Sun-One Application Server ------------------------------------------------------- Release Date: May 27, 2003 System Affected Sun-ONE Application Server 7.0 for Windows 2000/XP Description During a brief audit of a SunONE Application Server installation on Windows 2000...
CVE-2002-1025
JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed...
Apache Tomcat Directory Listing and File Disclosure
Apache Tomcat prior to 3.3.1a is affected by a directory listing and file disclosure vulnerability. By requesting URLs containing a null character, remote attackers can list directories even when an index.html or other file is present or obtain unprocessed source code for a JSP file. Also note...
CVE-2003-0042
CVE-2003-0042 affects Apache Jakarta Tomcat up to version 3.3.1a when used with JDK 1.3.1 or earlier. The vulnerability lets remote attackers cause directory listings and disclose JSP/source via a URL containing a null character, bypassing index.html or other welcome-file safeguards. Root cause i...
JSP source code exposure in Tomcat 4.x
Tomcat 4.x JSP source exposure security advisory 1. Summary Tomcat 4.0.4 and 4.1.10 probably all other earlier versions also are vulnerable to source code exposure by using the default servlet org.apache.catalina.servlets.DefaultServlet. 2. Details: Let say you have valid URL like...
Apache Tomcat 34 - DefaultServlet File Disclosure
Apache Tomcat 34 - DefaultServlet File Disclosure source: https://www.securityfocus.com/bid/5786/info The servlet 'org.apache.catalina.servlets.DefaultServlet' is included with Apache Tomcat by default. It is possible to use this servlet to view contents of files within the webroot. This includes...
Apache Tomcat 3/4 - 'DefaultServlet' File Disclosure
source: https://www.securityfocus.com/bid/5786/info The servlet 'org.apache.catalina.servlets.DefaultServlet' is included with Apache Tomcat by default. It is possible to use this servlet to view contents of files within the webroot. This includes JSP source code, which may contain sensitive data...
Jakarta Tomcat serves JSP source code when supplied malformed HTTP request
Overview Tomcat does not adequately validate HTTP requests and may reveal JSP source code if supplied a malformed HTTP request. Description JavaServer Pages JSP is a technology that allows for the creation of dynamic web content. The Apache Jakarta Project implementation of JSP is known as Tomcat...
BEA WebLogic Null Byte Request JSP Source Disclosure
BEA WebLogic may be tricked into revealing the source code of JSP scripts by adding an encoded character %00x at the end of the request. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. This script was written by Renaud Deraison and is based on BEAweblogicRevealsourcecode.nasl Script audit an...
Oracle 9iAS creates temporary files when processing JSP requests that are world-readable
Overview Oracle Database Server version 9iAS makes JSP source code publicly available. The source code may be used by attackers to analyze proprietary business logic or uncover Oracle's network configuration, usernames, and/or passwords. Description When Oracle receives a request for JSP file, it...
CVE-2001-0312
IBM WebSphere plugin for Netscape Enterprise server allows remote attackers to read source code for JSP files via an HTTP request that contains a host header that references a host that is not in WebSphere's host aliases list, which will bypass WebSphere processing...
Security Advisory(CSA-200110)
Topic:Tomcat 4.0-b2 for winnt/2000 show ".jsp" source Vulnerability. vulnerable: winnt/2000maybe for other operating system also + Tomcat 4.0-b2 discussion: A security vulnerability has been found in Windows NT/2000 systems that have Tomcat 4.0-b2 installed. The vulnerability allows remote...
BEA WebLogic may reveal script source code by URL trickery
Meta comment ------------ The reported problem seems to have been fixed in recent versions, without me talking to BEA. This may indicate that other people have reported the problem before me I was unable to find it on Securityfocus' vulnerability database. It may also mean that the problem is...
Tomcat 3.2.14.0 Weblogic Server 5.1 - URL JSP Request Source Code Disclosure
Tomcat 3.2.14.0 Weblogic Server 5.1 - URL JSP Request Source Code Disclosure source: https://www.securityfocus.com/bid/2527/info BEA Systems WebLogic Server is an enterprise level web and wireless application server. Tomcat can be used together with the Apache web server or a stand alone server f...