dspace-jspui is vulnerable to information disclosure. The vulnerability exists because the doGet
function of InternalErrorServlet.java
does not properly sanitize the internal system error exceptions and stack traces, allowing an attacker to gain sensitive information through the exceptions and stack traces logs.
CPE | Name | Operator | Version |
---|---|---|---|
dspace jsp-ui | le | 6.3 | |
dspace jsp-ui | le | 4.9 | |
dspace jsp-ui | le | 5.11 | |
dspace jsp-ui | le | 6.3 | |
dspace jsp-ui | le | 4.9 | |
dspace jsp-ui | le | 5.11 |