Lucene search
+L

130 matches found

Cvelist
Cvelist
added 2006/03/09 11:0 a.m.31 views

CVE-2006-1093

Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed...

6.2AI score0.01354EPSS
Exploits0References4
myhack58
myhack58
added 2006/03/09 12:0 a.m.13 views

Test both the JSP environment the following security vulnerabilities-vulnerability warning-the black bar safety net

Author: xy7BCT The first test JSP program vulnerabilities, to be exact is a server poor configuration leading to security risks, wrong place hope everyone noted it!!! Previously in some articles on the see on the JSP site storm any files of the original code of the vulnerability, and today finall...

7AI score
Exploits0
UbuntuCve
UbuntuCve
added 2005/12/31 5:0 a.m.37 views

CVE-2005-4836

The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information...

7.8CVSS5.9AI score0.03474EPSS
Exploits0References1
NVD
NVD
added 2005/12/31 5:0 a.m.23 views

CVE-2005-4836

The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information...

7.8CVSS7.5AI score0.03474EPSS
Exploits0References5
Cvelist
Cvelist
added 2005/05/19 4:0 a.m.24 views

CVE-2000-1224

Caucho Technology Resin 1.2 and possibly earlier allows remote attackers to view JSP source via an HTTP request to a .jsp file with certain characters appended to the file name, such as 1 "..", 2 "%2e..", 3 "%81", 4 "%82", and others...

6.8AI score0.02865EPSS
Exploits0References4
CVE
CVE
added 2005/05/19 4:0 a.m.58 views

CVE-2000-1224

CVE-2000-1224 affects Caucho Technology Resin 1.2 (and possibly earlier). The vulnerability allows remote attackers to view JSP source by requesting a .jsp file with special appended characters in the filename (examples include “..”, “%2e..”, “%81”, “%82”, and others). This indicates a likely imp...

5CVSS7.2AI score0.02865EPSS
Exploits0References4Affected Software1
exploitpack
exploitpack
added 2005/04/13 12:0 a.m.14 views

IBM Websphere 5.05.16.0 - Application Server Web Server Root JSP Source Code Disclosure

IBM Websphere 5.05.16.0 - Application Server Web Server Root JSP Source Code Disclosure source: https://www.securityfocus.com/bid/13160/info A remote JSP source disclosure vulnerability reportedly affects the IBM WebSphere Application Server. This issue is due to a failure of the application to...

7.6AI score
Exploits0
Exploit DB
Exploit DB
added 2005/04/13 12:0 a.m.54 views

IBM Websphere 5.0/5.1/6.0 - Application Server Web Server Root JSP Source Code Disclosure

source: https://www.securityfocus.com/bid/13160/info A remote JSP source disclosure vulnerability reportedly affects the IBM WebSphere Application Server. This issue is due to a failure of the application to properly handle various requests under certain circumstances. It should be noted that thi...

7.4AI score
Exploits0
NVD
NVD
added 2004/11/23 5:0 a.m.17 views

CVE-2004-0280

Caucho Technology Resin 2.1.12 allows remote attackers to view JSP source via an HTTP request to a .jsp file that ends in a "%20" encoded space character, e.g. index.jsp%20...

5CVSS6.6AI score0.01531EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.14 views

Apache Tomcat 4.0.x < 4.0.5 / 4.1.x < 4.1.11 JSP Source Code Disclosure

Binary data 1463.pasl...

5CVSS7.3AI score0.1682EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2004/08/18 12:0 a.m.15 views

BEA WebLogic < 5.1 SP 11 JSP Source Disclosure

Binary data 1538.prm...

5CVSS7.3AI score0.01618EPSS
Exploits0References3
CVE
CVE
added 2004/03/18 5:0 a.m.47 views

CVE-2004-0280

CVE-2004-0280 affects Caucho Technology Resin 2.1.12, where an attacker can remotely view JSP source by issuing an HTTP request to a .jsp file that ends with an encoded space (for example index.jsp%20). The underlying issue allows partial disclosure of source content, as reflected in the CVSS-bas...

5CVSS7AI score0.01531EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2004/03/18 5:0 a.m.21 views

CVE-2004-0280

Caucho Technology Resin 2.1.12 allows remote attackers to view JSP source via an HTTP request to a .jsp file that ends in a "%20" encoded space character, e.g. index.jsp%20...

6.6AI score0.01531EPSS
Exploits1References3
NVD
NVD
added 2003/06/30 4:0 a.m.20 views

CVE-2003-0411

Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension...

7.5CVSS7.6AI score0.27069EPSS
Exploits1References7
Cvelist
Cvelist
added 2003/06/11 4:0 a.m.26 views

CVE-2003-0411

Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension...

7.6AI score0.27069EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2003/06/11 12:0 a.m.7 views

PT-2003-1602 · Sun · Sun One Application Server

Name of the Vulnerable Software and Affected Versions: Sun ONE Application Server version 7.0 Description: The issue allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension. Recommendations: For Sun ONE...

7.5CVSS6.5AI score0.27069EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2003/06/03 12:0 a.m.178 views

JBoss %00 Request JSP Source Disclosure

It is possible to make the remote web server disclose the source code of its JSP pages by appending a NULL character to the name of the JSP files requested eg, 'foo.jsp%00'. An attacker may use this flaw to get the source code of scripts on the remote host and possibly obtain passwords and other...

5.7AI score
Exploits0References1
Packet Storm
Packet Storm
added 2003/06/03 12:0 a.m.98 views

JBoss.txt

Hi, jboss 3.2.1 with jetty seems to be vulnerable to jsp source code disclosure. Trying to access the ServerInfo.jsp with an suffixed "%00" shows the source code of this JSP. Seems to be a forgotten debug feature :- http://192.168.0.4:8080/web-console/ServerInfo.jsp%00 Sincerely Marc Schoenefeld...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2003/06/02 12:0 a.m.27 views

JBOSS 3.2.1: JSP source code disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, jboss 3.2.1 with jetty seems to be vulnerable to jsp source code disclosure. Trying to access the ServerInfo.jsp with an suffixed "00" shows the source code of this JSP. Seems to be a forgotten debug feature :-...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2003/05/28 12:0 a.m.28 views

Multiple Vulnerabilities in Sun-One Application Server

Multiple Vulnerabilities in Sun-One Application Server ------------------------------------------------------- Release Date: May 27, 2003 System Affected Sun-ONE Application Server 7.0 for Windows 2000/XP Description During a brief audit of a SunONE Application Server installation on Windows 2000...

6.9AI score
Exploits0
Rows per page
Query Builder