Family: CGI abuses --> Category: infos
Orion Application Server JSP Script Source Disclosure Vulnerability Vulnerability Scan
Vulnerability Scan Summary : Checks version of Orion
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote application server suffers from an information disclosure
flaw.
Description :
The remote host is running Orion Application Server, an application
server running on a Java2 platform.
According to its banner, the version of Orion installed on the remote
Windows host fails to properly validate filename extensions in URLs.
A remote attacker may be able to leverage this issue to disclose the
source of JSP scripts hosted by the affected application using
specially-crafted requests with dot and space characters.
See also :
http://secunia.com/secunia_research/2006-11/advisory/
Solution :
Upgrade to Orion version 2.0.7 or later.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)