BID:17270

Blazix Java Application/Web Server JSP Source Disclosure Vulnerability

Info

Blazix Java Application/Web Server JSP Source Disclosure Vulnerability

Bugtraq ID:	17270
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 28 2006 12:00AM
Updated:	Mar 28 2006 08:03PM
Credit:	Tan Chew Keong of Secunia Research is credited with the discovery of this vulnerability.
Vulnerable:	Blazix Java Application/Web Server Blazix Java Application/Web Server 1.2.5

Not Vulnerable:	Blazix Java Application/Web Server Blazix Java Application/Web Server 1.2.6

Discussion

Blazix Java Application/Web Server JSP Source Disclosure Vulnerability

A problem with Blazix Java Application/Web Server results in the disclosure of the source code of Java Server Pages. This allows attackers to gain unauthorized access to sensitive information, potentially aiding them in further attacks.

This issue affects Blazix Java Application/Web Server 1.2.5 on Windows. Other versions may be vulnerable as well.

Exploit / POC

Blazix Java Application/Web Server JSP Source Disclosure Vulnerability

This issue can be exploited through a web client.

Solution / Fix

Blazix Java Application/Web Server JSP Source Disclosure Vulnerability

Solution:
The vendor has reportedly released version 1.2.6 to address this issue. Please contact the vendor for more information.

References

Blazix Java Application/Web Server JSP Source Disclosure Vulnerability

References:

Blazix Java Application/Web Server Home Page (Blazix Java Application/Web Server)
Secunia Research: Blazix Web Server JSP Source Code Disclosure Vulnerability (Secunia Research )