Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0300

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-0300
Last Modified 10 Sep 2008 08:00:54
Published 31 May 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0300

Summary

gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, read source code of certain scripts, and bypass access restrictions by directly requesting the target file from the gnujsp servlet, which does not work around a limitation of JServ and does not process the requested file.

Vulnerable Systems

Application

  • Gnujsp 1.0.0

  • Gnujsp 1.0.1


References

DEBIAN - DSA-114

BUGTRAQ - 20020219 gnujsp: dir- and script-disclosure

BID - 4125

XF - gnujsp-jserv-information-disclosure(8240)

BUGTRAQ - 20020220 Re: gnujsp: dir- and script-disclosure


Last Updated: 27 May 2016 10:36:52