Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbMatt MooreEDB-ID:21470
HistoryMay 22, 2002 - 12:00 a.m.

NewAtlanta ServletExec/ISAPI 4.1 - File Disclosure

2002-05-2200:00:00
Matt Moore
www.exploit-db.com
26

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/4795/info

ServletExec/ISAPI is a plug-in Java Servlet/JSP engine for Microsoft IIS. It runs with IIS on Microsoft Windows NT/2000/XP systems.

ServletExec/ISAPI will disclose the contents of arbitrary files within the webroot directory by sending a request containing URL encoded directory traversal sequences. While this will cause the software to serve files within wwwroot that normally would not be served, it does not appear possible to exploit this condition to break out of the webroot.

http://target/servlet/com.newatlanta.servletexec.JSP10Servlet/..%5c..%5c\global.asa

Related

cvelist 1
cve 1
nessus 1
nvd 1
openvas 2
cvelist
cvelist
CVE-2002-0893
2002-08-31 04:00:00
cve
cve
CVE-2002-0893
2002-10-04 04:00:00
nessus
nessus
ServletExec 4.1 ISAPI com.newatlanta.servletexec.JSP10Servlet Traversal Arbitrary File Access
2002-05-22 00:00:00
nvd
nvd
CVE-2002-0893
2002-10-04 04:00:00
openvas
openvas
ServletExec 4.1 ISAPI File Reading
2005-11-03 00:00:00
ServletExec 4.1 ISAPI File Reading
2005-11-03 00:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:21470
cvelist1cve1nessus1nvd1openvas2