1 Reply Latest reply on Jun 2, 2003 5:29 AM by Greg Wilkins

    JBOSS 3.2.1: JSP source code disclosure

    marc_schoenefeld Newbie


      jboss 3.2.1 with jetty seems to be vulnerable to jsp source code disclosure.

      Trying to access the ServerInfo.jsp with an suffixed "%00" shows the source code of this JSP. Seems to be a forgotten debug feature :-]

      Marc Schoenefeld