Sun One WebServer 6.1 JSP Source Viewing vulnerability

2009-07-05T00:00:00
ID SECURITYVULNS:DOC:22123
Type securityvulns
Reporter Securityvulns
Modified 2009-07-05T00:00:00

Description

Sun One WebServer 6.1 JSP Source Viewing vulnerability

System: Sun-ONE-Web-Server/6.1, Windows Server 2003

SunOne WebServer (formerly Netscape Enterprise Server, iPlanet) on Windows Systems lets remote people disclose JSP Source code.

A normal URL would look like:

http://server/hello.jsp

To disclose the contents including source code of a JSP file:

http://server/hello.jsp::$DATA

Best Regards,

Nikolaos Rangos