Short Name |
HTTP:INFO-LEAK:WEB-INF-DOT |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
WEB-INF. JSP Code Information Leakage |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in Windows Web servers with J2EE. Attackers can append a "." character to a request for the WEB-INF directory (where J2EE class files are typically stored) to bypass directory security and gain access to normally protected files.
Attackers could exploit this vulnerability to retrieve Java class files, web server configuration files, and possibly access client session information contained in the WEB-INF directory of the J2EE web server.