WebTrends Enterprise Reporting Server 3.1 c3.5 - Source Code Disclosure

WebTrends Enterprise Reporting Server 3.1 c3.5 - Source Code Disclosure source: https://www.securityfocus.com/bid/2812/info WebTrends Live is a web-based reporting service which provides interactive tracking of usage statistics and E-commerce revenue. It is possible to view the source code of...

WebTrends Enterprise Reporting Server 3.1 c/3.5 - Source Code Disclosure

source: https://www.securityfocus.com/bid/2812/info WebTrends Live is a web-based reporting service which provides interactive tracking of usage statistics and E-commerce revenue. It is possible to view the source code of arbitrary scripts on the WebTrends Live webserver. This is accomplished by...

Omnicron OmniHTTPd 2.0.4-8 - File Source Disclosure

source: https://www.securityfocus.com/bid/2788/info Submitting a specially crafted GET request for a known file .php, .pl, or .shtml, could cause OmniHTTPD to disclose the source code of the requested resource. The GET requested would have to be appended with the Unicode equivalent of a space...

CVE-2001-0399

CVE-2001-0399 affects Caucho Resin 1.3b1 and earlier. A path traversal / information disclosure flaw lets remote attackers read Javabean source by inserting a .jsp before the WEB-INF specifier in an HTTP request. OpenVAS entries corroborate the issue as a remote vulnerability with a 5.0 CVSS base...

CVE-2001-0399

Caucho Resin 1.3b1 and earlier allows remote attackers to read source code for Javabean files by inserting a .jsp before the WEB-INF specifier in an HTTP request...

CVE-2001-0446

CVE-2001-0446 affects IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2. The issue enables remote attackers to read source code for *.jsp files by appending a "/" to the requested URL, exposing partial confidentiality (C:P/I:N/A:N; CVSS v2 base 5.0). No exploitation details a...

CVE-1999-0922

An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file...

CVE-1999-0758

Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL...

CVE-1999-0922

CVE-1999-0922 concerns ColdFusion Server 4.0, where remote attackers can view source code via the sourcewindow.cfm file. The NVD CVSSv2 base score is 5.0 (Medium) with vector AV:N/AC:L/Au:N/C:P/I:N/A:N, indicating a network-accessible issue with low exploit complexity and partial confidentiality ...

CVE-1999-0758

Affected software: Netscape Enterprise 3.5.1 and FastTrack 3.01. Vulnerability: remote attacker can view the source code of scripts by appending a space-encoded %20 to the script URL. Root cause / vector: insufficient handling of trailing spaces in URLs that leads to source disclosure. Impact: ex...

CVE-2000-0302

Microsoft Index Server WebHits ISAPI filter vulnerability (MS00-06) allows remote attackers to disclose ASP source by requesting null.htw with a crafted CiWebHitsFile argument (via %20). Connected OpenVAS entries describe the WebHits component’s information disclosure and path/file reading issues...

CVE-2001-0312

CVE-2001-0312 affects the IBM WebSphere plugin for Netscape Enterprise Server. The issue allows remote attackers to read JSP source code by issuing an HTTP request whose Host header references a host not in WebSphere’s host aliases, bypassing normal processing. The available connected documents p...

CVE-2001-0312

IBM WebSphere plugin for Netscape Enterprise server allows remote attackers to read source code for JSP files via an HTTP request that contains a host header that references a host that is not in WebSphere's host aliases list, which will bypass WebSphere processing...

Re: Tomcat may reveal script source code by URL trickery

There is another way to get the source from a jsp page using Tomcat. If you don't write HTTP/1.0 or HTTP/1.1 in the end of the GET request, you will get the source code and not the jsp processed. In other words, use Apache + Tomcat if you intend to protect your source code. telnet maq106 8080...

Security Advisory(CSA-200110)

Topic:Tomcat 4.0-b2 for winnt/2000 show ".jsp" source Vulnerability. vulnerable: winnt/2000maybe for other operating system also + Tomcat 4.0-b2 discussion: A security vulnerability has been found in Windows NT/2000 systems that have Tomcat 4.0-b2 installed. The vulnerability allows remote...

BEA WebLogic may reveal script source code by URL trickery

Meta comment ------------ The reported problem seems to have been fixed in recent versions, without me talking to BEA. This may indicate that other people have reported the problem before me I was unable to find it on Securityfocus' vulnerability database. It may also mean that the problem is...

Tomcat may reveal script source code by URL trickery

Tomcat may reveal script source code by URL trickery ---------------------------------------------------- Sverre H. Huseby advisory 2001-03-29 Systems affected ---------------- Tomcat 4.0-b1 latest milestone and nighly build as of 2001-03-28 tested. Other versions may be vulnerable too. The probl...

Tomcat 3.2.14.0 Weblogic Server 5.1 - URL JSP Request Source Code Disclosure

Tomcat 3.2.14.0 Weblogic Server 5.1 - URL JSP Request Source Code Disclosure source: https://www.securityfocus.com/bid/2527/info BEA Systems WebLogic Server is an enterprise level web and wireless application server. Tomcat can be used together with the Apache web server or a stand alone server f...

Tomcat 3.2.1/4.0 / Weblogic Server 5.1 - URL JSP Request Source Code Disclosure

source: https://www.securityfocus.com/bid/2527/info BEA Systems WebLogic Server is an enterprise level web and wireless application server. Tomcat can be used together with the Apache web server or a stand alone server for Java Servlets and Java Pages. Tomcat ships with a built in web server...

CVE-1999-0758

Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL...