 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.117224 |
| Kategorie: | Web Servers |
| Titel: | '/WEB-INF/' Information Disclosure Vulnerability (HTTP) |
| Zusammenfassung: | Various application or web servers / products are prone to an; information disclosure vulnerability. |
| Beschreibung: | Summary: Various application or web servers / products are prone to an information disclosure vulnerability. Vulnerability Insight: The servlet specification prohibits servlet containers from serving resources in the '/WEB-INF' and '/META-INF' directories of a web application archive directly to clients. This means that URLs like: http://example.com/WEB-INF/web.xml will return an error message, rather than the contents of the deployment descriptor. However, some application or web servers / products are prone to a vulnerability that still exposes this information if the client requests the URL directly. Vulnerability Impact: Based on the information provided in this file an attacker might be able to gather additional info and / or sensitive data about the application / the application / web server. Affected Software/OS: The following products are known to be affected: - Grails Resources plugin 1.0.0 to 1.2.5 as used in Grails 2.0.0 to 2.3.6. - Novell Web Manager on Novell NetWare 6.5. Other products might be affected as well. Solution: The following vendor fixes are known: - Update the Grails Resources plug-in to 1.2.6 or later. - Update Novell Web Manager to Support Pack 2 (NW6.5 SP2) or later. For other products please contact the vendor for more information on possible fixes. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-2734 BugTraq ID: 11000 http://www.securityfocus.com/bid/11000 http://www.osvdb.org/9103 http://securitytracker.com/id?1011012 http://secunia.com/advisories/12049 XForce ISS Database: novell-webadminapache-security-bypass(40478) https://exchange.xforce.ibmcloud.com/vulnerabilities/40478 Common Vulnerability Exposure (CVE) ID: CVE-2014-0053 BugTraq ID: 65678 http://www.securityfocus.com/bid/65678 Bugtraq: 20140227 Update: CVE-2014-0053 Information Disclosure when using Grails (Google Search) http://www.securityfocus.com/archive/1/531281/100/0/threaded http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0194.html http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0267.html https://twitter.com/Ramsharan065/status/434975409134792704 http://secunia.com/advisories/56841 XForce ISS Database: grails-cve20140053-info-disc(91270) https://exchange.xforce.ibmcloud.com/vulnerabilities/91270 Common Vulnerability Exposure (CVE) ID: CVE-2014-2857 Common Vulnerability Exposure (CVE) ID: CVE-2014-2858 |
| Copyright | Copyright (C) 2021 Greenbone Networks GmbH |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |