ID de Prueba:	1.3.6.1.4.1.25623.1.0.10959
Categoría:	Web application abuses
Título:	ServletExec 4.1 ISAPI File Reading
Resumen:	By invoking the JSPServlet directly it is possible to read the contents of; files within the webroot that would not normally be accessible (global.asa, for example.)
Descripción:	Summary: By invoking the JSPServlet directly it is possible to read the contents of files within the webroot that would not normally be accessible (global.asa, for example.) Vulnerability Insight: When attempting to retrieve ASP pages it is common to see many errors due to their similarity to JSP pages in syntax, and hence only fragments of these pages are returned. Text files can generally be read without problem. Solution: Download Patch #9 from the linked vendor FTP. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2002-0893 BugTraq ID: 4795 http://www.securityfocus.com/bid/4795 Bugtraq: 20020522 Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1 (Google Search) http://online.securityfocus.com/archive/1/273615 http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0077.html http://www.iss.net/security_center/static/9140.php
Copyright	Copyright (C) 2002 Matt Moore

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.