|
|
Vulnerability Assessment & Network Security Forums |
|||||||||
|
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> CGI abuses >> Apache Tomcat source.jsp malformed request information disclosure Vulnerability Assessment Details
|
Apache Tomcat source.jsp malformed request information disclosure |
||
|
Checks for the Tomcat source.jsp malformed request vulnerability Detailed Explanation for this Vulnerability Assessment The source.jsp file, distributed with Apache Tomcat server, will disclose information when passed a malformed request. As a result, information such as the web root path and directory listings could be obtained. Example: http://target/examples/jsp/source.jsp?? - reveals the web root http://target/examples/jsp/source.jsp?/jsp/ - reveals the contents of the jsp directory See also: http://www.securityfocus.com/bid/4876 Solution: Remove default files from the web server Network Security Threat Level: Medium Networks Security ID: 4876 Vulnerability Assessment Copyright: This script is Copyright (C) 2004 David Kyger |
||
|
Mainframe, DEC, VAX, AS 400 |
|
||
|
No Discussions have been posted on this vulnerability. |