Bajie Webserver Absolute Path Disclosure Vulnerability

Bajie HTTP server is a free webserver written in Java. The version that is currently available, assumed to be 0.03, ships with a sample java servlet called 'test' in /servlet/test/pathInfo/test. If executed/requested by an attacker will output the absolute path of the web content on the target filesystem. This information can be used to assist in further attacks against the victim host.


 

Privacy Statement
Copyright 2010, SecurityFocus