|
Family: CGI abuses --> Category: infos
ServletExec 4.1 ISAPI Physical Path Disclosure Vulnerability Scan
Vulnerability Scan Summary Tests for ServletExec 4.1 ISAPI Path Disclosure
Detailed Explanation for this Vulnerability Test
By requesting a non-existent .JSP file, or by invoking the JSPServlet
directly and supplying no filename, it is possible to make the ServletExec
ISAPI filter disclose the physical path of the webroot.
Solution:
Use the main ServletExec Admin UI to set a global error page for the entire
ServletExec Virtual Server.
References: www.westpoint.ltd.uk/advisories/wp-02-0006.txt
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.
|