Title: Nombas ScriptEase:Webserver Edition Default Script Vulnerability
Severity: MODERATE
Description:
Nombas ScriptEase:Webserver Edition is designed to allow the development of web-based applications in JavaScript. It includes the ability to execute JavaScript code in response to CGI requests, and supports developer features such as remote debugging.
ScriptEase:Webserver Edition includes a number of example scripts, which are installed by default.
Default scripts included with ScriptEase allow remote users to disclose arbitrary files residing on a host. The file to view is passed as a parameter in a specially crafted URL. Through the use of ../ directory traversal sequences in that parameter, an attacker may additionally escape the normal webroot and view arbitrary files on the server.
An attacker will be able to view system configuration files in known locations, potentially allowing further attacks against the vulnerable system.
Currently 'viewcode.jse' and 'comment2.jse' are the example scripts known to be exploitable in this way.
Affected Products:
- Nombas ScriptEase: Webserver Edition 4.30.0b FreeBSD
- Nombas ScriptEase: Webserver Edition 4.30.0b HP-UX
- Nombas ScriptEase: Webserver Edition 4.30.0b Irix
- Nombas ScriptEase: Webserver Edition 4.30.0b Linux
- Nombas ScriptEase: Webserver Edition 4.30.0b ppc
- Nombas ScriptEase: Webserver Edition 4.30.0b solaris
- Nombas ScriptEase: Webserver Edition 4.30.0d CGI/WINCGI win32
- Nombas ScriptEase: Webserver Edition 4.30.0d ISAPI win32
- Nombas ScriptEase: Webserver Edition 4.30.0d Netware 5
- Nombas ScriptEase: Webserver Edition 4.30.0d OS/2
- Nombas ScriptEase: Webserver Edition 4.30.0d win3.x
- Novell Netware 5.1.0
References:
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.