Vulnerabilities > CVE-2003-0411 - Improper Handling of Case Sensitivity vulnerability in Oracle SUN ONE Application Server 7.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
OS | 2 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | Sun ONE Application Server 7.0 Source Disclosure Vulnerability. CVE-2003-0411. Remote exploit for windows platform |
id | EDB-ID:22664 |
last seen | 2016-02-02 |
modified | 2003-05-27 |
published | 2003-05-27 |
reporter | SPI Labs |
source | https://www.exploit-db.com/download/22664/ |
title | Sun ONE Application Server 7.0 Source Disclosure Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | SUN_ONE_JSP_SOURCE.NASL |
description | It is possible to make the remote web server disclose the source code of its JSP pages by requesting the pages with a different case (ie: filename.JSP instead of filename.jsp). An attacker may use this flaw to get the source code of your CGIs and possibly obtain passwords and other relevant information about this host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11658 |
published | 2003-05-28 |
reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11658 |
title | Sun ONE Application Server Upper Case Request JSP Source Disclosure |
code |
|
References
- http://marc.info/?l=bugtraq&m=105409846029475&w=2
- http://marc.info/?l=bugtraq&m=105409846029475&w=2
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1
- http://www.ciac.org/ciac/bulletins/n-103.shtml
- http://www.ciac.org/ciac/bulletins/n-103.shtml
- http://www.iss.net/security_center/static/12093.php
- http://www.iss.net/security_center/static/12093.php
- http://www.securityfocus.com/bid/7709
- http://www.securityfocus.com/bid/7709
- http://www.spidynamics.com/sunone_alert.html
- http://www.spidynamics.com/sunone_alert.html