漏洞信息详情
多个供应商jsP源代码泄露漏洞
- CNNVD编号:CNNVD-200006-036
- 危害等级: 低危
- CVE编号: CVE-2000-0498
- 漏洞类型: 设计错误
- 发布时间: 2000-06-08
- 威胁类型: 远程
- 更新时间: 2005-07-27
- 厂 商: unify
- 漏洞来源: Unify Exploit : Di...
漏洞简介
Unify eWave ServletExec存在漏洞。远程攻击者通过请求提供大写扩展名的URL可以查看jsP程序的源代码。
漏洞公告
Unify has released eWave ServletExec version 3.0c which is not vulnerable to this issue. BEA Systems Weblogic: A vendor supplied patch for version 3.1.8 is available at : ftp://ftpna.beasys.com/pub/releases/318/caseSensitiveNTFix318.zip IBM WebSphere Application Server: IBM has released a fix which will eliminate this exploit and is available at : http://www6.software.ibm.com/dl/websphere8/wscorsvc-p
参考网址
来源: XF 名称: ewave-servletexec-jsp-source-read(4649) 链接:http://xforce.iss.net/static/4649.php 来源: NTBUGTRAQ 名称: 20000608 Potential vulnerability in Unify eWave ServletExec 链接:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0250.HTML 来源: BID 名称: 1328 链接:http://www.securityfocus.com/bid/1328
受影响实体
- Unify Ewave_servletexec:3.0
补丁
暂无
评论