Published: 31/05/2002 Updated: 18/10/2016

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

gnujsp 1.0.0 and 1.0.1 allows remote malicious users to list directories, read source code of certain scripts, and bypass access restrictions by directly requesting the target file from the gnujsp servlet, which does not work around a limitation of JServ and does not process the requested file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnujsp gnujsp 1.0.0
gnujsp gnujsp 1.0.1

Thomas Springer found a vulnerability in GNUJSP, a Java servlet that allows you to insert Java source code into HTML files The problem can be used to bypass access restrictions in the web server An attacker can view the contents of directories and download files directly rather then receiving their HTML output This means that the source code of ...

source: wwwsecurityfocuscom/bid/4125/info GNUJSP is a freely available, open-source implementation of Sun's Java Server Pages It will run on most Unix and Linux variants, as well as Microsoft Windows NT/2000 operating systems It has been reported that a remote attacker may disclose the contents of directories via a specially crafted we ...

NVD-CWE-Other http://www.debian.org/security/2002/dsa-114 http://www.securityfocus.com/bid/4125 http://www.iss.net/security_center/static/8240.php http://marc.info/?l=bugtraq&m=101422432123898&w=2 http://marc.info/?l=bugtraq&m=101415804625292&w=2 https://nvd.nist.gov https://www.debian.org/security/./dsa-114 https://www.exploit-db.com/exploits/21295/

CVE-2002-0300

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect