Test ID:	1.3.6.1.4.1.25623.1.0.117222
Category:	Web Servers
Title:	'/.jsp/WEB-INF/' Information Disclosure Vulnerability (HTTP)
Summary:	Various application or web servers / products are prone to an; information disclosure vulnerability.
Description:	Summary: Various application or web servers / products are prone to an information disclosure vulnerability. Vulnerability Insight: The servlet specification prohibits servlet containers from serving resources in the '/WEB-INF' and '/META-INF' directories of a web application archive directly to clients. This means that URLs like: http://example.com/WEB-INF/web.xml will return an error message, rather than the contents of the deployment descriptor. However, some application or web servers / products are prone to a vulnerability that exposes this information if the client requests a URL like this instead: http://example.com/.jsp/WEB-INF/web.xml http://example.com/.jsp/web-inf/web.xml (note the '.jsp/' before 'WEB-INF'). Vulnerability Impact: Based on the information provided in this file an attacker might be able to gather additional info and / or sensitive data about the application / the application / web server. Affected Software/OS: The following products are known to be affected: - Caucho Resin version 1.2.x and 1.3b1 Other products and versions might be affected as well. Solution: Please contact the vendor for more information on possible fixes. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2001-0399 BugTraq ID: 2533 http://www.securityfocus.com/bid/2533 Bugtraq: 20010403 CHINANSL Security Advisory(CSA-200111) (Google Search) http://marc.info/?l=bugtraq&m=98633597813833&w=2
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.