VID |
22404 |
Severity |
30 |
Port |
80, ... |
Protocol |
TCP |
Class |
WWW |
Detailed Description |
The relevant host is running a version of Orion Application Server older than 2.0.7. Orion Application Server is an application server that runs on the Java 2 platform. Orion Application Server version 2.0.6 and earlier for Microsoft Windows could allow a remote attacker to obtain the source code of JSP script files. By sending a specially crafted URL request containing "dot" and "space" characters, a remote attacker could read the requested file's source code.
* Note: This check relies solely on the banner of the remote HTTP server to assess this vulnerability, so the finding might be a false positive.
* References: http://secunia.com/secunia_research/2006-11/advisory/ http://secunia.com/advisories/18950/
* Platforms Affected: Orion Application Server version 2.0.6 and earlier versions; Microsoft Windows, any version |
Recommendation |
Upgrade to the latest version of Orion Application Server (2.0.7 or later), available from the Orion Web site at http://www.orionserver.com/ |
Related URL |
CVE-2006-0816 (CVE) |
Related URL |
17204 (SecurityFocus) |
Related URL |
25405 (ISS) |
|