Unify eWave ServletExec JSP Source Disclosure Vulnerability

Unify eWave ServletExec is a Java/Java Servlet engine plug-in for major web servers such as Microsoft IIS, Apache, Netscape Enterprise Server, etc.

ServletExec will return the source code of JSP files when a HTTP request is appended with one of the following characters:


For example, the following URL will yield the source of the specified JSP file:


Successful exploitation could lead to the disclosure of sensitive information contained within JSP pages.


Privacy Statement
Copyright 2010, SecurityFocus