130 matches found
CVE-2006-1093
Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed...
Test both the JSP environment the following security vulnerabilities-vulnerability warning-the black bar safety net
Author: xy7BCT The first test JSP program vulnerabilities, to be exact is a server poor configuration leading to security risks, wrong place hope everyone noted it!!! Previously in some articles on the see on the JSP site storm any files of the original code of the vulnerability, and today finall...
CVE-2005-4836
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information...
CVE-2005-4836
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information...
CVE-2000-1224
Caucho Technology Resin 1.2 and possibly earlier allows remote attackers to view JSP source via an HTTP request to a .jsp file with certain characters appended to the file name, such as 1 "..", 2 "%2e..", 3 "%81", 4 "%82", and others...
CVE-2000-1224
CVE-2000-1224 affects Caucho Technology Resin 1.2 (and possibly earlier). The vulnerability allows remote attackers to view JSP source by requesting a .jsp file with special appended characters in the filename (examples include “..”, “%2e..”, “%81”, “%82”, and others). This indicates a likely imp...
IBM Websphere 5.05.16.0 - Application Server Web Server Root JSP Source Code Disclosure
IBM Websphere 5.05.16.0 - Application Server Web Server Root JSP Source Code Disclosure source: https://www.securityfocus.com/bid/13160/info A remote JSP source disclosure vulnerability reportedly affects the IBM WebSphere Application Server. This issue is due to a failure of the application to...
IBM Websphere 5.0/5.1/6.0 - Application Server Web Server Root JSP Source Code Disclosure
source: https://www.securityfocus.com/bid/13160/info A remote JSP source disclosure vulnerability reportedly affects the IBM WebSphere Application Server. This issue is due to a failure of the application to properly handle various requests under certain circumstances. It should be noted that thi...
CVE-2004-0280
Caucho Technology Resin 2.1.12 allows remote attackers to view JSP source via an HTTP request to a .jsp file that ends in a "%20" encoded space character, e.g. index.jsp%20...
Apache Tomcat 4.0.x < 4.0.5 / 4.1.x < 4.1.11 JSP Source Code Disclosure
Binary data 1463.pasl...
BEA WebLogic < 5.1 SP 11 JSP Source Disclosure
Binary data 1538.prm...
CVE-2004-0280
CVE-2004-0280 affects Caucho Technology Resin 2.1.12, where an attacker can remotely view JSP source by issuing an HTTP request to a .jsp file that ends with an encoded space (for example index.jsp%20). The underlying issue allows partial disclosure of source content, as reflected in the CVSS-bas...
CVE-2004-0280
Caucho Technology Resin 2.1.12 allows remote attackers to view JSP source via an HTTP request to a .jsp file that ends in a "%20" encoded space character, e.g. index.jsp%20...
CVE-2003-0411
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension...
CVE-2003-0411
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension...
PT-2003-1602 · Sun · Sun One Application Server
Name of the Vulnerable Software and Affected Versions: Sun ONE Application Server version 7.0 Description: The issue allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension. Recommendations: For Sun ONE...
JBoss %00 Request JSP Source Disclosure
It is possible to make the remote web server disclose the source code of its JSP pages by appending a NULL character to the name of the JSP files requested eg, 'foo.jsp%00'. An attacker may use this flaw to get the source code of scripts on the remote host and possibly obtain passwords and other...
JBoss.txt
Hi, jboss 3.2.1 with jetty seems to be vulnerable to jsp source code disclosure. Trying to access the ServerInfo.jsp with an suffixed "%00" shows the source code of this JSP. Seems to be a forgotten debug feature :- http://192.168.0.4:8080/web-console/ServerInfo.jsp%00 Sincerely Marc Schoenefeld...
JBOSS 3.2.1: JSP source code disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, jboss 3.2.1 with jetty seems to be vulnerable to jsp source code disclosure. Trying to access the ServerInfo.jsp with an suffixed "00" shows the source code of this JSP. Seems to be a forgotten debug feature :-...
Multiple Vulnerabilities in Sun-One Application Server
Multiple Vulnerabilities in Sun-One Application Server ------------------------------------------------------- Release Date: May 27, 2003 System Affected Sun-ONE Application Server 7.0 for Windows 2000/XP Description During a brief audit of a SunONE Application Server installation on Windows 2000...