ServletExec 4.1 ISAPI File Reading Network Vulnerability

Summary

By invoking the JSPServlet directly it is possible to read the contents of files within the webroot that would not normally be accessible (global.asa, for example.) When attempting to retrieve ASP pages it is common to see many errors due to their similarity to JSP pages in syntax, and hence only fragments of these pages are returned. Text files can generally be read without problem.

Solution

Download Patch #9 from ftp://ftp.newatlanta.com/public/4_1/patches/

Severity

Classification

CVE CVE-2002-0893

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
Apache Tomcat Directory Listing and File disclosure
An Image Gallery Multiple Cross-Site Scripting Vulnerability
AlienForm CGI script

Take action and discover your vulnerabilities