Family: CGI abuses --> Category: infos
Apache Tomcat source.jsp malformed request information disclosure Vulnerability Scan
Vulnerability Scan Summary: Checks for the Tomcat source.jsp malformed request vulnerability
Detailed Explanation for this Vulnerability Test
The source.jsp file, distributed with Apache Tomcat server, will
disclose information when passed a malformed request. As a result,
information such as the web root path and directory listings could
be obtained.
Examples:
http://target/examples/jsp/source.jsp?? - reveals the web root
http://target/examples/jsp/source.jsp?/jsp/ - reveals the contents of the jsp directory
See also: http://www.securityfocus.com/bid/4876
Solution: Remove default files from the web server
Threat Level: Medium
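
Added example (not part of the original scan entry or of Tomcat): a Python script that reads web access log lines, flags requests to source.jsp, and labels the two request forms shown above. The common/combined log format, the label names and the sample lines are assumptions constructed for illustration; a 200 response on any hit means the default file is still deployed.

```python
import re
from urllib.parse import urlsplit, unquote

# Request line and status code as they appear in common/combined access logs.
LOG_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})\b')

def classify(target):
    """Label a request target; None means it does not touch source.jsp."""
    parts = urlsplit(target)
    if not unquote(parts.path).lower().endswith("/source.jsp"):
        return None
    query = unquote(parts.query)
    if query.startswith("?"):          # page example 1: source.jsp??
        return "web-root probe"
    if query.endswith("/"):            # page example 2: source.jsp?/jsp/
        return "directory-listing probe"
    return "source.jsp request"

def scan(lines):
    """Return (line_number, status, label) for every source.jsp hit."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = LOG_RE.search(line)
        if not match:
            continue
        label = classify(match.group("target"))
        if label:
            hits.append((number, int(match.group("status")), label))
    return hits

def still_deployed(hits):
    """True when any hit was answered with 200, i.e. the file is still served."""
    return any(status == 200 for _, status, _ in hits)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /examples/jsp/source.jsp?? HTTP/1.1" 200 2048',
    '192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /examples/jsp/source.jsp?/jsp/ HTTP/1.1" 200 4096',
    '198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "GET /examples/jsp/source.jsp?%3F HTTP/1.1" 404 196',
]

if __name__ == "__main__":
    found = scan(SAMPLE)
    for number, status, label in found:
        print(f"line {number}: HTTP {status} {label}")
    print("default file still served:", still_deployed(found))
```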