HTTP: WEB-INF. JSP Code Information Leakage
This signature detects attempts to exploit a known vulnerability in Windows Web servers with J2EE. Attackers can append a "." character to a request for the WEB-INF directory (where J2EE class files are typically stored) to bypass directory security and gain access to normally protected files.
Extended Description
Attackers could exploit this vulnerability to retrieve Java class files, web server configuration files, and possibly access client session information contained in the WEB-INF directory of the J2EE web server.
Short Name
HTTP:INFO-LEAK:WEB-INF-DOT
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Code Information JSP Leakage WEB-INF.
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown