CVE-2002-1451 - Information Disclosure vulnerability in Blazix Special Character Handling Server Side Script
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
Blazix before 1.2.2 allows remote attackers to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a (1) "+" or (2) "\" (backslash) character.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description | Blazix 1.2 Special Character Handling Server Side Script Information Disclosure. CVE-2002-1451. Remote exploits for multiple platform |
id | EDB-ID:21751 |
last seen | 2016-02-02 |
modified | 2002-08-24 |
published | 2002-08-24 |
reporter | Auriemma Luigi |
source | https://www.exploit-db.com/download/21751/ |
title | Blazix 1.2 Special Character Handling Server Side Script Information Disclosure |

description | Blazix 1.2 Password Protected Directory Information Disclosure Vulnerability. CVE-2002-1451. Remote exploits for multiple platform |
id | EDB-ID:21752 |
last seen | 2016-02-02 |
modified | 2002-08-25 |
published | 2002-08-25 |
reporter | Auriemma Luigi |
source | https://www.exploit-db.com/download/21752/ |
title | Blazix 1.2 Password Protected Directory Information Disclosure Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | BLAZIX_JSP_SOURCE.NASL |
description | The remote host is running the Blazix web server, a web server written in Java. The installed version of Blazix discloses the source code of its JSP pages when a page is requested with a plus sign or a backslash appended to its name. An attacker may use this flaw to get the source code of your CGIs and possibly obtain passwords and other relevant information about this host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 17151 |
published | 2005-02-19 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/17151 |
title | Blazix Trailing Character JSP Source Disclosure |