The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows remote malicious users to determine the path of the web root via a direct request to com.newatlanta.servletexec.JSP10Servlet without a filename, which leaks the pathname in an error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
new atlanta communications servletexec isapi 4.1 |