• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Bajie Webserver Absolute Path Disclosure Vulnerability

Bajie HTTP server is a free webserver written in Java. The version that is currently available, assumed to be 0.03, ships with a sample java servlet called 'test' in /servlet/test/pathInfo/test. If executed/requested by an attacker will output the absolute path of the web content on the target filesystem. This information can be used to assist in further attacks against the victim host.