ServletExec 4.1 ISAPI File Reading

By invoking the JSPServlet directly it is possible to read the contents of files within the webroot that would not normally be accessible global.asa, for example. SPDX-FileCopyrightText: 2002 Matt Moore Some text descriptions might be excerpted from a referenced sources, and are Copyright C by th...

ServletExec 4.1 / JRun ISAPI DoS

By sending an overly long request for a .jsp file it is possible to crash the remote web server. This problem is known as the ServletExec / JRun ISAPI DoS. SPDX-FileCopyrightText: 2002 Matt Moore Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

servletexec-4.1.txt

Westpoint Security Advisory Title: Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1 Risk Rating: High Software: ServletExec 4.1 ISAPI / IIS 4 & 5 Platforms: Win2k / WinNT 4 Vendor URL: www.newatlanta.com Author: Matt Moore Date: 22 May 2002 Advisory ID: wp-02-0006.txt Overview:...

ServletExec 4.1 ISAPI com.newatlanta.servletexec.JSP10Servlet Traversal Arbitrary File Access

By invoking the JSPServlet directly it is possible to read the contents of files within the webroot that would not normally be accessible global.asa, for example. When attempting to retrieve ASP pages it is common to see many errors due to their similarity to JSP pages in syntax, and hence only...

ServletExec 4.1 ISAPI com.newatlanta.servletexec.JSP10Servlet Path Disclosure

By requesting a nonexistent .JSP file, or by invoking the JSPServlet directly and supplying no filename, it is possible to make the ServletExec ISAPI filter disclose the physical path of the webroot. %NASLMINLEVEL 70300 This script was written by Matt Moore Script audit and contributions from...