7 lines
No EOL
474 B
Text
7 lines
No EOL
474 B
Text
source: http://www.securityfocus.com/bid/2703/info
|
|
|
|
It is possible for a remote user to traverse the directories of a host running Jana Server. Submitting a specially crafted URL using hex encoded 'double dot' sequences will reveal arbitrary directories. In addition to revealing directories, this vulnerability could enable a user to obtain the contents of files readable by the webserver user.
|
|
|
|
www.example.com/%2e%2e/%2e%2e/
|
|
|
|
www.example.com/%2e%2e/%2e%2e/filename |