Vulnerability Details CVE-2002-0300
gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, read source code of certain scripts, and bypass access restrictions by directly requesting the target file from the gnujsp servlet, which does not work around a limitation of JServ and does not process the requested file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.051
EPSS Ranking 89.4%
CVSS Severity
CVSS v2 Score 5.0
References
- http://marc.info/?l=bugtraq&m=101415804625292&w=2
- http://marc.info/?l=bugtraq&m=101422432123898&w=2
- http://www.debian.org/security/2002/dsa-114
- http://www.iss.net/security_center/static/8240.php
- http://www.securityfocus.com/bid/4125
- http://marc.info/?l=bugtraq&m=101415804625292&w=2
- http://marc.info/?l=bugtraq&m=101422432123898&w=2
- http://www.debian.org/security/2002/dsa-114
- http://www.iss.net/security_center/static/8240.php
- http://www.securityfocus.com/bid/4125