NewAtlanta ServletExec/ISAPI 4.1 - Full Path Disclosure
| EKU-ID: 26975 | CVE: CVE-2002-0892;OSVDB-784 | OSVDB-ID: |
| Author: Matt Moore | Published: 2002-05-22 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 26975 | CVE: CVE-2002-0892;OSVDB-784 | OSVDB-ID: |
| Author: Matt Moore | Published: 2002-05-22 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/4793/info ServletExec/ISAPI is a plug-in Java Servlet/JSP engine for Microsoft IIS. It runs with IIS on Microsoft Windows NT/2000/XP systems. ServletExec/ISAPI discloses the absolute path to the webroot directory when sent a specially formatted request without a trailing filename. This type of sensitive information may aid in further attacks against the host running the vulnerable software. http://target/servlet/com.newatlanta.servletexec.JSP10Servlet/