JSP pages source code access updated since 08.06.2000
Published:		03.05.2002
Source:		NTBUGTRAQ
SecurityVulns ID:		257
Type:		remote
Level:		6/10
Description:		There are multiple ways to get a source code of JSP pages

Affected:		UNIFY : eWave ServletExec 3.0
		IBM : WebSphere 3.0.2
		BEA : Weblogic Server 5.1
		BEA : Weblogic Server 4.5
		CAUCHO : Resin 1.2
		IBM : IBM-HTTP-Server 1.0
		IBM : VSE-HTTPD 01.04
		ORACLE : WebLogic Server 6.1
		ORACLE : Oracle 9iAS
		GNU : GNUJSP 1.0

Original document		Peter Gründl, KPMG-2002016: Bea Weblogic incorrect URL parsing issues (03.05.2002)
		DEBIAN, [SECURITY] [DSA 114-1] New GNUJSP packages fix directory and script source disclosure (24.02.2002)
		NGSSoftware Insight Security Research, JSP translation file access under Oracle 9iAS (06.02.2002)
		'ken'@FTU, IBM AS/400 HTTP Server '/' attack (09.11.2001)
		benjurry, RESIN ServletExec JSP Source Disclosure Vulnerability(IIS 5) (24.11.2000)
		benjurry, RESIN ServletExec JSP Source Disclosure Vulnerability(Resin Web Server) (24.11.2000)
		benjurry, RESIN ServletExec JSP Source Disclosure Vulnerability(Apache 1.3.6 Win2k)) (24.11.2000)
		Woch, Wojciech, Disclosure of JSP source code with ServletExec AS v3.0c + web instance (22.11.2000)
		Foundstone Labs, Unify eWave ServletExec upload (01.11.2000)
		Foundstone Labs, Unify eWave ServletExec DoS (31.10.2000)
		Foundstone Labs, BEA's WebLogic *.jsp/*.jhtml remote command execution (02.08.2000)
		stuart.mcclure_(at)_FOUNDSTONE.COM, BEA's WebLogic force handlers show code vulnerability (01.08.2000)
		Foundstone Labs, IBM WebSphere default servlet handler showcode vulnerability (25.07.2000)
		stuart.mcclure_(at)_FOUNDSTONE.COM, BEA WebLogic JSP showcode vulnerability (13.06.2000)
		stuart.mcclure_(at)_FOUNDSTONE.COM, IBM WebSphere JSP showcode vulnerability (13.06.2000)
		Russ, Potential vulnerability in Unify eWave ServletExec (08.06.2000)

Files:		BugTraq ID: 1328
Discuss:		Read or add your comments to this news (0 comments)