|
|
Family: CGI abuses --> Category: infos
WEB-INF folder accessible Vulnerability Scan
Vulnerability Scan Summary
Tests for WEB-INF folder access
Detailed Explanation for this Vulnerability Test
This vulnerability affects the Win32 versions of multiple j2ee servlet
containers / application servers. By making a particular request to the
servers in question it is possible to retrieve files located under
the 'WEB-INF' directory.
For example:
www.someserver.com/WEB-INF./web.xml
or
www.someserver.com/WEB-INF./classes/MyServlet.class
Solution:
Contact your vendor for the appropriate patch.
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|
