header-logo
Suggest Exploit
vendor:
Blazix Web Server
by:
SecurityFocus
7.5
CVSS
HIGH
JSP File Disclosure
200
CWE
Product Name: Blazix Web Server
Affected Version From: 1.2
Affected Version To: 1.2.2001
Patch Exists: YES
Related CWE: N/A
CPE: //a:blazix
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, Microsoft Windows
2002

Blazix Web Server JSP File Disclosure Vulnerability

When a user passes a request to the web server that ends in either a plus (+) or backslash (), the web server may react unpredictably. This type of character appended to the name of a .jsp file has been reported to reveal the contents of the .jsp file.

Mitigation:

Upgrade to Blazix version 1.2.1 or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5566/info

Blazix is a freely available, open source web server written in Java. It is available for Linux and Microsoft Windows operating systems.

When a user passes a request to the web server that ends in either a plus (+) or backslash (\), the web server may react unpredictably. This type of character appended to the name of a .jsp file has been reported to reveal the contents of the .jsp file. 

http://www.example.com/jsptest.jsp+
http://www.example.com/jsptest.jsp\

Navigation

Suggest Exploit

Services By CQR