Vulnerability Name: CVE-2002-1859 (CCN-9446)
Assigned: 2002-06-28
Published: 2002-06-28
Updated: 2017-11-30
Summary: Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Obtain Information
References:
Source: MITRE Type: CNA CVE-2002-1855
Source: MITRE Type: CNA CVE-2002-1856
Source: MITRE Type: CNA CVE-2002-1857
Source: MITRE Type: CNA CVE-2002-1858
Source: MITRE Type: CNA CVE-2002-1859
Source: MITRE Type: CNA CVE-2002-1860
Source: MITRE Type: CNA CVE-2002-1861
Source: BUGTRAQ Type: Not Applicable 20020628 wp-02-0002: 'WEB-INF' Folder accessible in Multiple Web Application Servers
Source: CCN Type: Oracle Web site Welcome to Oracle.com online services
Source: CCN Type: SourceForge.net Project: jo!: Summary
Source: XF Type: Patch webinf-dot-file-retrieval(9446)
Source: CCN Type: Macromedia Security Bulletin MPSB02-06 Cumulative Security Patch available for JRun 3.0, 3.1 and 4.0
Source: CCN Type: Orion Web site Orion Application Server
Source: CCN Type: OSVDB ID: 44525 Oracle Application Server Crafted Request WEB-INF Directory Information Disclosure
Source: CCN Type: OSVDB ID: 53449 Macromedia JRun Crafted Request WEB-INF Directory Information Disclosure
Source: CCN Type: OSVDB ID: 53450 HP Application Server on Windows Crafted Request WEB-INF Directory Information Disclosure
Source: CCN Type: OSVDB ID: 53451 jo! jo Webserver on Windows Crafted Request WEB-INF Directory Information Disclosure
Source: CCN Type: OSVDB ID: 53452 Orion Application Server Crafted Request WEB-INF Directory Information Disclosure
Source: CCN Type: OSVDB ID: 53453 Pramati Server on Windows Crafted Request WEB-INF Directory Information Disclosure
Source: CCN Type: OSVDB ID: 53454 Sybase Enterprise Application Server on Windows Crafted Request WEB-INF Directory Information Disclosure
Source: CCN Type: Pramati Technologies Web site The J2EE Infrastructure Company
Source: BID Type: Third Party Advisory, VDB Entry 5119
Source: CCN Type: BID-5119 Multiple Vendor WEB-INF Directory Contents Disclosure Vulnerability
Source: CCN Type: Sybase, Inc. Web site Sybase, Inc. EAServer
Source: CCN Type: Westpoint Security Advisory wp-02-0002 'WEB-INF' Folder accessible in Multiple Web Application Servers
Source: MISC Type: Vendor Advisory http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt
Source: XF Type: UNKNOWN webinf-dot-file-retrieval(9446)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable