Orion Application Server prior to 2.0.7, when running on Windows, allows remote malicious users to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
orionserver orion application server |