Family: CGI abuses --> Category: infos
IBM WebSphere Application Server JSP Source Disclosure Vulnerability Scan
Vulnerability Scan Summary
Attempts to read the source of a JSP page
Detailed Explanation for this Vulnerability Test
The remote web server is affected by an information disclosure flaw.
It is possible to make the remote web server disclose the source code
of its JSP pages by requesting the pages with a non-existent hostname
in the HTTP 'Host' request header when WebSphere Application Server is
sharing the document root of the web server. An attacker may use this
flaw to get the source code of your CGIs and possibly to obtain
passwords and other relevant information about this host.
See also :
Solution :
Move JSP source files outside the web server document root.
Risk factor :
Low / CVSS Base Score : 3