Blazix before 1.2.2 allows remote attackers to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a (1) "+" or (2) "\" (backslash) character.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| desiderata_software | blazix | 1.2 |
| desiderata_software | blazix | 1.2.1 |
Blazix Web Server before 1.2.6, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot), (2) space, and (3) slash characters in the extension of a URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| desiderata_software | blazix_web_server | * |