| Field | Value |
| --- | --- |
| VID | 22320 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description | The Blazix Web server is vulnerable to a JSP source disclosure vulnerability. Blazix is a freely available, open source Web server written in Java. It is available for Linux, Unix and Microsoft Windows operating systems. Blazix versions prior to 1.2.2 could allow a remote attacker to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a "+" or "\" (backslash) character. This information may help an attacker to launch further attacks against the affected server. |
| References | http://archives.neohapsis.com/archives/bugtraq/2002-08/0259.html, http://www.securiteam.com/securitynews/5NP0M1F80G.html |
| Platforms Affected | Desiderata Software, Blazix versions prior to 1.2.2; Linux, any version; Unix, any version; Microsoft Windows, any version |
| Recommendation | Upgrade to the latest version of Blazix server (1.2.2 or later), available from the Blazix Web site at http://www.blazix.com/download.jsp |
| Related URL | CVE-2002-1451 (CVE) |
| Related URL | 5566 (SecurityFocus) |
| Related URL | 9952 (ISS) |