header-logo
Suggest Exploit
vendor:
ServletExec/ISAPI
by:
SecurityFocus
4.3
CVSS
MEDIUM
Path Disclosure
200
CWE
Product Name: ServletExec/ISAPI
Affected Version From: ServletExec/ISAPI 4.1
Affected Version To: ServletExec/ISAPI 4.1
Patch Exists: NO
Related CWE: N/A
CPE: a:newatlanta:servletexec_isapi
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft Windows NT/2000/XP
2002

ServletExec/ISAPI Path Disclosure Vulnerability

ServletExec/ISAPI is a plug-in Java Servlet/JSP engine for Microsoft IIS. It runs with IIS on Microsoft Windows NT/2000/XP systems. ServletExec/ISAPI discloses the absolute path to the webroot directory when sent a specially formatted request without a trailing filename. This type of sensitive information may aid in further attacks against the host running the vulnerable software.

Mitigation:

Ensure that the web server is configured to not disclose the absolute path to the webroot directory.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4793/info

ServletExec/ISAPI is a plug-in Java Servlet/JSP engine for Microsoft IIS. It runs with IIS on Microsoft Windows NT/2000/XP systems.

ServletExec/ISAPI discloses the absolute path to the webroot directory when sent a specially formatted request without a trailing filename.

This type of sensitive information may aid in further attacks against the host running the vulnerable software.

http://target/servlet/com.newatlanta.servletexec.JSP10Servlet/

Navigation

Suggest Exploit

Services By CQR