Proventia Server IPS for Linux technology, RealSecure Desktop, BlackICE PC Protection, RealSecure Network, RealSecure Server Sensor, Proventia Network IDS, Proventia Desktop, Proventia Network IPS, Proventia Server IPS for Microsoft Windows technology, BlackICE Server Protection, Proventia-G 1.1 and earlier, Proventia Network MFS, Proventia Server for VMware:
This signature detects a URL ending with the file name extension ".jsp " (.jsp followed by a space).
Low
Proventia Server IPS for Linux technology: 1.90, RealSecure Desktop: epw, BlackICE PC Protection: 3.6cpw, RealSecure Network: XPU 24.51, RealSecure Server Sensor: XPU 24.51, Proventia Network IDS: XPU 24.51, Proventia Desktop: 1910, Proventia Network IPS: XPU 1.90, Proventia Server IPS for Microsoft Windows technology: 1.0.914.1910, BlackICE Server Protection: 3.6.cpw, Proventia-G 1.1 and earlier: XPU 24.51, Proventia Network MFS: XPU 1.90, Proventia Server for VMware: 1.0
Orion Server Orion Application Server: 2.0.5, Orion Server Orion Application Server: 2.0.6
Suspicious Activity
Orion Application Server could allow a remote attacker to obtain sensitive information. If an attacker sends a URL request for a known JavaServer Pages (JSP) file with "dot" and "space" characters appended to the file extension, the requested file's source code will be returned.
Upgrade to the latest version of Orion Application Server (2.0.7 or later), available from the Orion Web site. See References.
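A log-side version of this check, added here as an example (it is not the ISS signature logic or Orion code): it percent-decodes the path of each logged request and flags paths ending in ".jsp" followed by dots or spaces. The log lines are constructed, and the function names, the case-insensitive match and the acceptance of any trailing run of dots and spaces are assumptions that generalise the ".jsp " pattern described above.

```python
import re
from urllib.parse import unquote

# Request line inside a common-log-format entry. The greedy target keeps a raw
# trailing space that a client placed before the " HTTP/x.y" separator.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>.*) HTTP/\d\.\d"')

# Assumption: ".jsp" followed by one or more dots/spaces at the very end of the
# path, matched case-insensitively.
SUFFIX = re.compile(r"\.jsp[. ]+$", re.IGNORECASE)


def suspicious_path(target):
    """Return the decoded path if it ends in '.jsp' plus dots/spaces, else None."""
    path = unquote(target.split("?", 1)[0])  # drop the query, then decode %20 etc.
    return path if SUFFIX.search(path) else None


def flag_requests(lines):
    """Return (line_number, decoded_path) for every matching log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a parsable request line
        path = suspicious_path(match.group("target"))
        if path is not None:
            hits.append((number, path))
    return hits


# Constructed sample access-log lines (documentation addresses, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Mar/2006:10:00:01 +0000] "GET /index.jsp HTTP/1.1" 200 5120',
    '192.0.2.44 - - [23/Mar/2006:10:00:07 +0000] "GET /login.jsp%20 HTTP/1.1" 200 1833',
    '192.0.2.44 - - [23/Mar/2006:10:00:09 +0000] "GET /login.jsp.%20?x=1 HTTP/1.1" 200 1833',
    '192.0.2.44 - - [23/Mar/2006:10:00:12 +0000] "GET /admin/config.JSP.  HTTP/1.0" 200 977',
    '192.0.2.10 - - [23/Mar/2006:10:01:30 +0000] "GET /docs/a.jsp.txt HTTP/1.1" 404 0',
    '192.0.2.10 - - [23/Mar/2006:10:01:31 +0000] "GET /search?q=x.jsp%20 HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for number, path in flag_requests(SAMPLE_LOG):
        print(f"line {number}: suspicious JSP request path {path!r}")
```

A hit with a 200 status and a response size that differs from the normally rendered page is the case worth checking against the server version first.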
Secunia Research 23/03/2006: Orion Application Server JSP Source Disclosure Vulnerability. http://secunia.com/secunia_research/2006-11/advisory/
SA18950: Orion Application Server JSP Source Disclosure Vulnerability. http://secunia.com/advisories/18950/
Orion Web site: Orion Application Server. http://www.orionserver.com/
ISS X-Force: Orion Application Server JSP source code disclosure. http://www.iss.net/security_center/static/25405.php
CVE: CVE-2006-0816. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0816