gnujsp 1.0.0 and 1.0.1 allows remote malicious users to list directories, read source code of certain scripts, and bypass access restrictions by directly requesting the target file from the gnujsp servlet, which does not work around a limitation of JServ and does not process the requested file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnujsp gnujsp 1.0.0 |
||
gnujsp gnujsp 1.0.1 |