8 lines
No EOL
524 B
Text
8 lines
No EOL
524 B
Text
source: http://www.securityfocus.com/bid/5566/info
|
|
|
|
Blazix is a freely available, open source web server written in Java. It is available for Linux and Microsoft Windows operating systems.
|
|
|
|
When a user passes a request to the web server that ends in either a plus (+) or backslash (\), the web server may react unpredictably. This type of character appended to the name of a .jsp file has been reported to reveal the contents of the .jsp file.
|
|
|
|
http://www.example.com/jsptest.jsp+
|
|
http://www.example.com/jsptest.jsp\ |