Sun ONE Application Server 7.0 - Source Disclosure

EDB-ID:

22664


Author:

SPI Labs

Type:

remote


Platform:

Windows

Date:

2003-05-27


source: https://www.securityfocus.com/bid/7709/info

Sun ONE Application Server is prone to a source code disclosure vulnerability. This issue is due to handling of case in requests for resources. By changing the case of a file extension, the server may fail to interpret the script and instead serve it as a normal web resource.

This issue exists for Sun ONE Application Server 7.0 on Microsoft Windows platforms. Previous versions may also be affected. 

GET /[script].JSP HTTP/1.0

where [script] is the name of a script hosted by the server.