ServletExec 4.1 ISAPI com.newatlanta.servletexec.JSP10Servlet Path Disclosure

Medium Nessus Plugin ID 10960

Synopsis

The remote web server is affected by an information disclosure issue.

Description

By requesting a nonexistent .JSP file, or by invoking the JSPServlet directly and supplying no filename, it is possible to make the ServletExec ISAPI filter disclose the physical path of the webroot.

Solution

Use the main ServletExec Admin UI to set a global error page for the entire ServletExec Virtual Server.

See Also

https://www.westpoint.ltd.uk/advisories/wp-02-0006.txt

Plugin Details

Severity: Medium

ID: 10960

File Name: servletExec_Path_Disclosure.nasl

Version: 1.23

Type: remote

Family: CGI abuses

Published: 5/22/2002

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Ease: No exploit is required

Vulnerability Publication Date: 5/22/2002

Reference Information

CVE: CVE-2002-0892

BID: 4793