Vulnerabilities > CVE-2002-1859 - Unspecified vulnerability in Orionserver Orion Application Server 1.5.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | CGI abuses |
| NASL id | GENERIC_WEB-INF.NASL |
| description | By making a specially-formatted request to the remote web server, it is possible to retrieve files located under the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11037 |
| published | 2002-07-01 |
| reporter | This script is Copyright (C) 2002-2018 Matt Moore |
| source | https://www.tenable.com/plugins/nessus/11037 |
| title | Multiple Server Crafted Request WEB-INF Directory Information Disclosure |