Family: CGI abuses --> Category: infos
Blazix Web Server JSP source disclosure Vulnerability Scan
Vulnerability Scan Summary: Attempts to read the source of a JSP page
Detailed Explanation for this Vulnerability Test
It is possible to make the remote web server disclose the source
code of its JSP pages by requesting a page with a plus sign or a
backslash appended to its name (i.e. filename.jsp+ instead of filename.jsp).
An attacker may use this flaw to get the source code of your CGIs
and possibly obtain passwords and other relevant information about
this host.
Solution: Upgrade to Blazix 1.2.1 or newer
Threat Level: High