|
Family: CGI abuses --> Category: infos
IBM WebSphere Application Server '%20' source disclosure Vulnerability Scan
Vulnerability Scan Summary Attempts to read the source of a jsp page
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is affected by an information disclosure flaw.
Description :
It is possible to make the remote web server disclose the source code
of its JSP pages by requesting the .jsp file with a '%20' appended to
the request.
A possible hacker may use this flaw to get the source code of your CGIs and
possibly to obtain passwords and other relevant information about this
host.
See also :
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24013142
Solution :
Apply version 6.1.0 Fix Pack 2 or later.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|