vendor: Tiny Java Web Server
by:
CVSS: 7.5 (HIGH)
CWE: Input-Validation
Product Name: Tiny Java Web Server
Affected Version From: 1.71
Affected Version To:
Patch Exists: YES
Related CWE:
CPE: a:tiny_java_web_server_project:tiny_java_web_server:1.71
Platforms Tested:
2010
Input-Validation Vulnerabilities in Tiny Java Web Server
Tiny Java Web Server is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include a directory-traversal vulnerability, an open-redirection vulnerability, and a source code information-disclosure vulnerability. Exploiting these issues can allow an attacker to retrieve arbitrary local files and view directories within the context of the webserver. Information harvested may aid in launching further attacks. A successful exploit may aid in phishing attacks; other attacks may also be possible.
Mitigation:
It is recommended to update to the latest version of Tiny Java Web Server to mitigate these vulnerabilities. Additionally, input validation should be implemented to sanitize user-supplied input.
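One way to implement the input validation recommended above for the directory-traversal and open-redirection cases, as an added example; it is not Tiny Java Web Server's own code or its patch. The class name, method names, document root and sample inputs are hypothetical, and the request path is assumed to be URL-decoded before the check.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class RequestValidation {

    // Map a URL-decoded request path to a file under docRoot.
    // Returns null when the normalized result would leave the root.
    // For files that exist, also compare toRealPath() so symlinks cannot escape.
    static Path resolveUnderRoot(Path docRoot, String requestPath) {
        if (requestPath == null || requestPath.indexOf('\0') >= 0) return null;
        Path root = docRoot.toAbsolutePath().normalize();
        // Treat backslashes as separators on every platform, then strip leading slashes
        String relative = requestPath.replace('\\', '/').replaceFirst("^/+", "");
        Path candidate = root.resolve(relative).normalize();
        return candidate.startsWith(root) ? candidate : null;
    }

    // Accept only same-site redirect targets: a single leading '/',
    // no scheme, no authority, no backslashes (browsers treat '\' like '/').
    static boolean isSafeRedirect(String target) {
        if (target == null || !target.startsWith("/")
                || target.startsWith("//") || target.contains("\\")) return false;
        try {
            URI u = new URI(target); // throws on control characters such as CR/LF
            return u.getScheme() == null && u.getRawAuthority() == null;
        } catch (URISyntaxException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        Path root = Paths.get("/srv/www"); // assumed document root
        // Constructed sample inputs, not taken from the advisory
        String[] paths = {"/index.html", "/docs/../index.html",
                          "/../../etc/passwd", "/..\\..\\boot.ini"};
        for (String p : paths)
            System.out.println(p + " -> " + resolveUnderRoot(root, p));
        String[] redirects = {"/login?next=home", "//example.org/",
                              "http://example.org/", "/\\example.org"};
        for (String r : redirects)
            System.out.println(r + " -> " + isSafeRedirect(r));
    }
}
```

The check runs on the normalized path rather than on the raw string, so encoded or mixed-separator variants are judged by where they resolve, not by whether they contain `..`.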