Family: CGI abuses --> Category: infos
JBoss source disclosure Vulnerability Scan
Vulnerability Scan Summary
Attempts to read the source of a jsp page
Detailed Explanation for this Vulnerability Test
The remote web server is vulnerable to information disclosure attacks.
It is possible to make the remote web server disclose the source code of
its JSP pages by appending a NULL character to the name of the JSP files
requested (eg, 'foo.jsp%00'). A possible hacker may use this flaw to get the
source code of scripts on the remote host and possibly obtain passwords
and other sensitive information.
See also :
None at this time
Medium / CVSS Base Score : 4
Click HERE for more information and discussions on this network vulnerability scan.