|
Family: CGI abuses --> Category: infos
JBoss source disclosure Vulnerability Scan
Vulnerability Scan Summary Attempts to read the source of a jsp page
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is vulnerable to information disclosure attacks.
Description :
It is possible to make the remote web server disclose the source code of
its JSP pages by appending a NULL character to the name of the JSP files
requested (eg, 'foo.jsp%00'). A possible hacker may use this flaw to get the
source code of scripts on the remote host and possibly obtain passwords
and other sensitive information.
See also :
http://www.securityfocus.com/archive/1/323430
Solution :
None at this time
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:C)
Click HERE for more information and discussions on this network vulnerability scan.
|