This script is Copyright (C) 2002-2014 Michael Scheidell
A remote web application is vulnerable to several flaws.
Detects a vulnerability in the execution of JSPs outside doc_root.
A potential security vulnerability has been discovered in Oracle JSP
releases 1.0.x through 1.1.1 (in Apache/Jserv). This vulnerability
permits access to and execution of unintended JSP files outside the
doc_root in Apache/Jserv. For example, accessing
will execute b.jsp outside the doc_root instead of a.jsp if there is a
b.jsp file in the matching directory.
Further, JServ Releases 1.0.x - 1.0.2 have an additional vulnerability:
due to a bug in Apache/JServ path translation, any URL that looks like
http://host:port/servlets/a.jsp, makes Oracle JSP execute
'd:\servlets\a.jsp' if such a directory path actually exists. Thus, a
URL virtual path, an actual directory path and the Oracle JSP name
(when using Oracle Apache/JServ) must match for this potential
vulnerability to occur.
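Both flaws above come down to the same defect: the server translates a URL path into a filesystem path and then executes whatever JSP it finds there, without confirming that the result still lies under doc_root. The following is an added example, not code from the Nessus plugin, Oracle or Apache/JServ, of the containment check a servlet container should apply before touching the file. The helper name map_jsp_path and the doc_root value are assumptions made for this illustration; the inputs are constructed.

```python
import os
from urllib.parse import unquote


def map_jsp_path(doc_root: str, url_path: str):
    """Translate a URL path to a file path, refusing anything outside doc_root.

    Returns the normalised absolute path of the JSP if it lies inside
    doc_root, or None if the translated path would escape doc_root or is
    not a .jsp file at all.  Hypothetical helper written for this page.
    """
    root = os.path.normpath(os.path.abspath(doc_root))

    # Decode percent-encoding exactly once so "%2e%2e" is seen as "..".
    decoded = unquote(url_path)

    # Reject forms that only make sense as native (e.g. drive-letter)
    # paths; the URL path must never be interpreted as one, which is how
    # "/servlets/a.jsp" ended up meaning "d:\servlets\a.jsp" above.
    if "\\" in decoded or ":" in decoded or "\x00" in decoded:
        return None

    # Strip the leading "/" so os.path.join treats the path as relative
    # to doc_root (an absolute second argument would discard the root).
    candidate = os.path.normpath(os.path.join(root, decoded.lstrip("/")))

    # Containment check: after collapsing "." and "..", the candidate
    # must still share doc_root as its common prefix.  (Using
    # os.path.realpath instead would additionally resolve symlinks.)
    if os.path.commonpath([root, candidate]) != root:
        return None

    if not candidate.endswith(".jsp"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real server log.
    root = "/var/www/docroot"
    for path in ["/a.jsp", "/dir/a.jsp", "/sub/../../etc/b.jsp",
                 "/sub/%2e%2e/%2e%2e/etc/b.jsp", "/servlets/d:\\servlets\\a.jsp"]:
        print(f"{path!r:45} -> {map_jsp_path(root, path)}")
```

The check is deliberately conservative: a backslash or colon in a decoded URL path is refused outright rather than interpreted, and traversal is caught after normalisation rather than by pattern-matching on ".." in the raw request.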
Oracle8i Release 8.1.7, iAS Release version 1.0.2
Oracle JSP, Apache/JServ Releases version 1.0.x - 1.1.1
See also:
Upgrade to OJSP Release 220.127.116.11.0, available on Oracle
Technology Network's OJSP website.
Risk factor: Medium / CVSS Base Score: 6.8
Nessus Plugin ID: 10925 (jserv_execute.nasl)