The JavaServer Web Development Kit (JSWDK) has a Web container for developing and testing JavaServer Pages and the Java Servlet API. Version 1.0 of the JSWDK contains a directory traversal vulnerability. By requesting URLs containing '../' character sequences, remote clients can view arbitrary files (outside of the webroot) on the host system. This could allow an attacker to obtain sensitive or confidential information which could be used to mount further attacks upon the host. Phuong Nguyen <dphuong@yahoo.com> reported that on Unix systems, the JSWDK webserver runs with root privileges. On Unix systems, an attacker may be able to gain access to a host by brute forcing the hashes in '/etc/shadow', a file which may be obtainable remotely using this vulnerability.
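The check a file-serving container needs in order to keep '../' requests inside the webroot, as an added example that is not JSWDK code: the class name `WebrootResolver`, the temporary webroot and the request paths are constructed for illustration, and Java 11 or later is assumed.

```java
import java.io.IOException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Optional;

public class WebrootResolver {              // hypothetical name, not a JSWDK class
    private final Path webroot;

    public WebrootResolver(Path webroot) throws IOException {
        // Resolve symlinks once so every later comparison uses the real location.
        this.webroot = webroot.toRealPath();
    }

    /** Maps a raw request path to a file inside the webroot, or empty if it escapes. */
    public Optional<Path> resolve(String rawRequestPath) {
        try {
            // Decode first, so "%2e%2e/" is checked as "../" and not as opaque text.
            String decoded = URLDecoder.decode(rawRequestPath, StandardCharsets.UTF_8);
            // Conservatively treat '\' as a separator too, then drop leading slashes.
            String relative = decoded.replace('\\', '/').replaceFirst("^/+", "");
            // normalize() collapses "." and ".." lexically; the result must stay under webroot.
            Path candidate = webroot.resolve(relative).normalize();
            if (!candidate.startsWith(webroot) || !Files.isRegularFile(candidate)) {
                return Optional.empty();
            }
            // Second check on the real path catches symlinks that point outside the webroot.
            Path real = candidate.toRealPath();
            return real.startsWith(webroot) ? Optional.of(real) : Optional.empty();
        } catch (IllegalArgumentException | IOException e) {
            // Malformed %-escapes, NUL bytes (InvalidPathException) or I/O errors: refuse.
            return Optional.empty();
        }
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("webroot");   // constructed sample webroot
        Files.writeString(root.resolve("index.html"), "<html>ok</html>");
        WebrootResolver resolver = new WebrootResolver(root);
        String[] requests = {                                // constructed request paths
            "/index.html", "/docs/../index.html",
            "/../../../../etc/shadow", "/%2e%2e/%2e%2e/etc/shadow"
        };
        for (String r : requests) {
            System.out.println(r + " -> " + resolver.resolve(r).map(p -> "serve").orElse("reject"));
        }
    }
}
```

The containment check limits what a request can name; running the server under an unprivileged account, rather than as root, separately limits what any file read can reach.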