vendor:
Jana Server
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: Jana Server
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2001
Directory Traversal in Jana Server
It is possible for a remote user to traverse the directories of a host running Jana Server. Submitting a specially crafted URL using hex encoded 'double dot' sequences will reveal arbitrary directories. In addition to revealing directories, this vulnerability could enable a user to obtain the contents of files readable by the webserver user.
Mitigation:
Ensure that the web server is configured to deny access to any directory outside of the web root directory.