387 matches found
mod_jk2 v2.0.2 for Apache 2.0 Remote Buffer Overflow Exploit (win32)
No description provided by source. / Dreatica-FXP crew ---------------------------------------- Target : modjk2 v2.0.2 for Apache 2.0 Win32 Found by : IOActive Security Advisory ----------------------------------------...
Debian Security Advisory DSA 1170-1 (gcc-3.4)
The remote host is missing an update to gcc-3.4 announced via advisory DSA 1170-1. Jürgen Weigert discovered that upon unpacking JAR archives fastjar from the GNU Compiler Collection does not check the path for included files and allows to create or overwrite files in upper directories. OpenVAS...
Directory traversal
F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via 1 a trailing null byte, 2 multiple leading slashes, 3 Unicode encoding, 4 URL-encoded directory traversal or same-directory characters, or 5 upper case letters in the domain name...
CVE-2007-0187
F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via 1 a trailing null byte, 2 multiple leading slashes, 3 Unicode encoding, 4 URL-encoded directory traversal or same-directory characters, or 5 upper case letters in the domain name...
CVE-2000-0499
BEA WebLogic 3.1.8–4.5.1 is affected. The default configuration allows a remote attacker to view the source code of a JSP program by requesting a URL that exposes the JSP extension in upper case. Root cause: default config enables exposing JSP source. Impact: confidentiality of JSP source could b...
PT-2000-1435 · Ibm · Ibm Websphere Server
Name of the Vulnerable Software and Affected Versions: IBM WebSphere server version 3.0.2 Description: The issue allows a remote attacker to view the source code of a JSP program. This can be achieved by requesting a URL that provides the JSP extension in upper case. Recommendations: For IBM...
PT-2000-1437 · Bea · Bea Weblogic
Name of the Vulnerable Software and Affected Versions: BEA WebLogic versions 3.1.8 through 4.5.1 Description: The default configuration of the software allows a remote attacker to view the source code of a JSP program. This can be achieved by requesting a URL that provides the JSP extension in...