11 lines
No EOL
805 B
Text
11 lines
No EOL
805 B
Text
source: http://www.securityfocus.com/bid/4125/info
|
|
|
|
GNUJSP is a freely available, open-source implementation of Sun's Java Server Pages. It will run on most Unix and Linux variants, as well as Microsoft Windows NT/2000 operating systems.
|
|
|
|
It has been reported that a remote attacker may disclose the contents of directories via a specially crafted web request. This may be exploited to list directories, read the contents of arbitrary web-readable files, and disclose script source code. The attacker simply appends the name of the directory and/or file to be disclosed to a web request for /servlets/gnujsp/.
|
|
|
|
It should be noted that this may allow an attacker to circumvent .htaccess files.
|
|
|
|
This issue may be the result of a configuration error.
|
|
|
|
http://site/servlets/gnujsp/[dirname]/[file] |