8 lines
No EOL
638 B
Text
8 lines
No EOL
638 B
Text
source: http://www.securityfocus.com/bid/5567/info
|
|
|
|
Blazix is a freely available, open source web server written in Java. It is available for Linux and Microsoft Windows operating systems.
|
|
|
|
Blazix does not properly handle some special characters when appended to requests. By passing a special character with a request to the web server, it is possible for a user to gain access to a listing of a password protected directory. This could result in information disclosure, and could potentially be used to gain intelligence in launching an attack against a system.
|
|
|
|
http://www.example.com/bugtest+/
|
|
http://www.example.com/bugtest\/ |