Vulners
Lucene search
Sun Java Web Server 1.1 Beta Viewable .jhtml Source Vulnerability
source: http://www.securityfocus.com/bid/1891/info
A vulnerability exists in Sun Microsystems' JavaWebServer for Win32, version 1.1Beta. JavaWebServer is a Java-oriented web application development platform.
If a URL is submitted requesting a .jhtml file (an HTML document with embedded Java source) and a '.' or '/' character is appended to the filename, the source for that .jhtml file will be returned to the client, rather than being compiled on the server. As a result, system information which is not intended for disclosure to the client, such as database usernames and passwords, resource locations, website and network structure and business models, may be obtained by the attacker. As well as its inherent sensitivity, this type of information could potentially be used to implement other attacks on the host.
http://localhost/xyz.jhtml.
or
http://localhost/xyz.jhtml\
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1