CVE-2002-1394

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148...

CVE-2002-1635

The Apache configuration file httpd.conf in Oracle 9i Application Server 9iAS uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin...

CVE-2002-2186

Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL...

PT-2002-2467 · Microsoft · Iis

Name of the Vulnerable Software and Affected Versions: Microsoft IIS version 5.0 Description: The issue is related to an off-by-one error in the CodeBrws.asp sample script. This error allows remote attackers to view the source code for files with extensions containing one additional character aft...

GoAhead Web Server 2.1.x - '.ASP' File Source Code Disclosure

source: https://www.securityfocus.com/bid/9239/info A vulnerability in GoAhead webserver may result in the disclosure of the source code of ASP script files. The vulnerability occurs because the application fails to sanitize HTTP requests. An attacker can append certain characters to the end of a...

GoAhead Web Server 2.1.x - .ASP File Source Code Disclosure

GoAhead Web Server 2.1.x - .ASP File Source Code Disclosure source: https://www.securityfocus.com/bid/9239/info A vulnerability in GoAhead webserver may result in the disclosure of the source code of ASP script files. The vulnerability occurs because the application fails to sanitize HTTP request...

Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure

The version of Apache Tomcat running on the remote host is affected by an information disclosure vulnerability. It is possible to view source code using the default servlet : org.apache.catalina.servlets.DefaultServlet A remote attacker can exploit this information to mount further attacks. This...

Perception LiteServe 2.0 - CGI Source Disclosure

Perception LiteServe 2.0 - CGI Source Disclosure source: https://www.securityfocus.com/bid/6188/info By constructing a malicious web request, it is possible for a remote attacker to disclose the source code of CGI scripts. Information gained through exploiting this issue may aid an attacker in...

QNX 6.1 TimeCreate weakness

I've found bug in QNX-6.1 timer implementation. After creating some number at least 2 of timers with 1 ms tick system hangs. Please consider attached source code. Code can be executed by unprivilegged users. Pawel Pisarczyk ------------------------ IMMOS - IMMOrtal Systems...

Important: Red Hat Security Advisory: tomcat security update for Stronghold

Updated tomcat packages are now available for Stronghold on Red Hat Linux Advanced Server to close a JSP source code exposure vulnerability. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. A source code...

Apache discloses source code via POST requests to a location with WebDAV and CGI enabled

Overview There is an information leakage in Apache that results from an interaction between WebDAV and CGI. Description Apache version 2.0.42 allows remote attackers to obtain the source code of CGI scripts that are stored in locations for which both CGI and WebDAV are enabled. When a POST reques...

CVE-2002-1148

The default servlet org.apache.catalina.servlets.DefaultServlet in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet...

DEBIAN-CVE-2002-1156

Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled...

Sendmail Trojan Horse Vulnerability

Description Reportedly, the server hosting sendmail, ftp.sendmail.org, was compromised recently. It has been reported that the intruder made modifications to the source code of sendmail to include Trojan Horse code. Downloads of the sendmail source code from ftp.sendmail.org between September 28,...

Sendmail 8.12.6 - Compromised Source Backdoor

source: https://www.securityfocus.com/bid/5921/info Reportedly, the server hosting sendmail, ftp.sendmail.org, was compromised recently. It has been reported that the intruder made modifications to the source code of sendmail to include Trojan Horse code. Downloads of the sendmail source code fro...

[SECURITY] [DSA 169-1] New tomcat packages fix unintended source code disclosure

-------------------------------------------------------------------------- Debian Security Advisory DSA 169-1 [email protected] http://www.debian.org/security/ Martin Schulze October, 4th, 2002 http://www.debian.org/security/faq -...

[SECURITY] [DSA 169-1] New tomcat packages fix unintended source code disclosure

-------------------------------------------------------------------------- Debian Security Advisory DSA 169-1 [email protected] http://www.debian.org/security/ Martin Schulze October, 4th, 2002 http://www.debian.org/security/faq -...

DSA-170 tomcat4 - source code disclosure

Bulletin has no description...

JSP source code exposure in Tomcat 4.x

Tomcat 4.x JSP source exposure security advisory 1. Summary Tomcat 4.0.4 and 4.1.10 probably all other earlier versions also are vulnerable to source code exposure by using the default servlet org.apache.catalina.servlets.DefaultServlet. 2. Details: Let say you have valid URL like...

Apache Tomcat 3/4 - 'DefaultServlet' File Disclosure

source: https://www.securityfocus.com/bid/5786/info The servlet 'org.apache.catalina.servlets.DefaultServlet' is included with Apache Tomcat by default. It is possible to use this servlet to view contents of files within the webroot. This includes JSP source code, which may contain sensitive data...