This script is Copyright (C) 2014 Tenable Network Security, Inc.
A Java web application framework in use on the remote web server is
affected by an information disclosure vulnerability.
The remote web server uses a version of Grails, an open source web
application framework for JVM, that is affected by an information
disclosure vulnerability. Specifically, its 'resources' plug-in fails
to restrict access to resources located under an application's
'WEB-INF' and 'META-INF' directories by default. A remote attacker
could leverage this to retrieve the contents of class or configuration
files, such as web.xml, which should be private, including in other
web applications using directory traversal sequences.
See also :
Upgrade the 'resources' plug-in to 1.2.6, configure it to block access
to resources under 'WEB-INF' and 'META-INF', and redploy the affected
Alternatively, block access to the 'WEB-INF' and 'META-INF'
directories in a reverse proxy.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true
Family: CGI abuses
Nessus Plugin ID: 72757 ()
Bugtraq ID: 656786707167073
CVE ID: CVE-2014-0053CVE-2014-2857CVE-2014-2858
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.