Family: CGI abuses --> Category: infos
Orion Application Server JSP Script Source Disclosure Vulnerability Scan
Vulnerability Scan Summary
Checks version of Orion
Detailed Explanation for this Vulnerability Test
The remote application server suffers from an information disclosure
The remote host is running Orion Application Server, an application
server running on a Java2 platform.
According to its banner, the version of Orion installed on the remote
Windows host fails to properly validate filename extensions in URLs.
A remote attacker may be able to leverage this issue to disclose the
source of JSP scripts hosted by the affected application using
specially-crafted requests with dot and space characters.
Upgrade to Orion version 2.0.7 or later.
Low / CVSS Base Score : 2.3