header-logo
Suggest Exploit
vendor:
Sun One WebServer
by:
Nikolaos Rangos
6,4
CVSS
MEDIUM
JSP Source Viewing
200
CWE
Product Name: Sun One WebServer
Affected Version From: Sun-ONE-Web-Server/6.1
Affected Version To: Sun-ONE-Web-Server/6.1
Patch Exists: NO
Related CWE: N/A
CPE: a:sun:sun_one_webserver:6.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows Server 2003
2009

Sun One WebServer 6.1 JSP Source Viewing vulnerability

SunOne WebServer (formerly Netscape Enterprise Server, iPlanet) on Windows Systems lets remote people disclose JSP Source code. A normal URL would look like: http://server/hello.jsp and to disclose the contents including source code of a JSP file: http://server/hello.jsp::$DATA

Mitigation:

Disable JSP source code viewing on the server, or restrict access to the server from untrusted networks.
Source

Exploit-DB raw data:

Sun One WebServer 6.1 JSP Source Viewing vulnerability

System: Sun-ONE-Web-Server/6.1, Windows Server 2003

SunOne WebServer (formerly Netscape Enterprise Server, iPlanet) on Windows Systems lets remote people disclose
JSP Source code.

A normal URL would look like:

http://server/hello.jsp

To disclose the contents including source code of a JSP file:

http://server/hello.jsp::$DATA

Best Regards,

Nikolaos Rangos

# milw0rm.com [2009-07-09]

Navigation

Suggest Exploit

Services By CQR