[] NeoSense
E X P L O I T S
title author type platform port cve id

GNUJSP 1.0 - File Disclosure

Author: Thomas Springer
type: remote
platform: multiple
port: 
date_added: 2002-02-19 
date_updated: 2012-09-12 
verified: 1 
codes: CVE-2002-0300;OSVDB-5323 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/4125/info

GNUJSP is a freely available, open-source implementation of Sun's Java Server Pages. It will run on most Unix and Linux variants, as well as Microsoft Windows NT/2000 operating systems.

It has been reported that a remote attacker may disclose the contents of directories via a specially crafted web request. This may be exploited to list directories, read the contents of arbitrary web-readable files, and disclose script source code. The attacker simply appends the name of the directory and/or file to be disclosed to a web request for /servlets/gnujsp/.

It should be noted that this may allow an attacker to circumvent .htaccess files.

This issue may be the result of a configuration error.

http://site/servlets/gnujsp/[dirname]/[file]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.