|
Family: CGI abuses --> Category: infos
ServletExec 4.1 ISAPI File Reading Vulnerability Scan
Vulnerability Scan Summary Tests for ServletExec File Reading
Detailed Explanation for this Vulnerability Test
By invoking the JSPServlet directly it is possible to read the contents of
files within the webroot that would not normally be accessible (global.asa,
for example.) When attempting to retrieve ASP pages it is common to see many
errors due to their similarity to JSP pages in syntax, and hence only
fragments of these pages are returned. Text files can generally be read
without problem.
Solution:
Download Patch #9 from ftp://ftp.newatlanta.com/public/4_1/patches/
References: www.westpoint.ltd.uk/advisories/wp-02-0006.txt
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|