Allaire JRun is a web application development suite that supports JSP and Java Servlets. A remote attacker can disclose JSP source code by making a specially crafted web request that contains HTML-encoded characters or that has a null character (%00) appended.

This issue can be exploited with requests such as the following:

http://target/directory/jsp/myjsp%00
http://target/directory/jsp/myjs%2570

This is also a known issue when Microsoft IIS is used as a connector for serving JSP files.
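One way to look for the two request shapes described above in web server access logs, as an added example that is not part of the original advisory. The log lines are constructed samples that reuse the advisory's example paths; the function names and reason labels are assumptions made for this example.

```python
import re
from urllib.parse import unquote_to_bytes

# Request target inside a common-log-format line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Percent-escapes of ASCII letters/digits, which never need encoding in a path.
ALNUM_ESCAPE_RE = re.compile(r"%(?:3[0-9]|[46][1-9a-fA-F]|[57][0-9aA])")

def fully_decode(path, max_rounds=5):
    """Percent-decode until the value stops changing; return (bytes, rounds)."""
    data, rounds = path.encode("latin-1", "replace"), 0
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data, rounds = decoded, rounds + 1
    return data, rounds

def classify(target):
    """Return the reasons a request path looks like a source-disclosure probe."""
    path = target.split("?", 1)[0]
    decoded, rounds = fully_decode(path)
    reasons = []
    if b"\x00" in decoded:
        reasons.append("null-byte")        # e.g. a trailing %00
    if rounds > 1:
        reasons.append("multi-encoded")    # e.g. %2570 -> %70 -> p
    if ALNUM_ESCAPE_RE.search(path):
        reasons.append("encoded-alnum")    # e.g. %70 standing in for "p"
    return reasons

def scan(lines):
    """Return (path, reasons) for every log line with a suspicious path."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and classify(m.group(1)):
            hits.append((m.group(1), classify(m.group(1))))
    return hits

# Constructed sample log lines (paths taken from the advisory's examples).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /directory/jsp/myjsp HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2001:10:00:05 +0000] "GET /directory/jsp/myjsp%00 HTTP/1.0" 200 2048',
    '192.0.2.11 - - [01/Jan/2001:10:00:09 +0000] "GET /directory/jsp/myjs%2570 HTTP/1.0" 200 2048',
    '192.0.2.12 - - [01/Jan/2001:10:01:00 +0000] "GET /directory/docs/a%20b.html HTTP/1.0" 200 100',
]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_LOG):
        print(path, reasons)
```

The same classification can be applied at a reverse proxy or filter in front of the servlet engine to reject such paths before they reach the JSP handler.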