Orion Application Server JSP source code disclosure (OrionJspSourceDisclosure)

Vuln ID: 25405
Risk Level: Low
Platforms: Orion Server Orion Application Server: 2.0.5, Orion Server Orion Application Server: 2.0.6
Description:

Orion Application Server could allow a remote attacker to obtain sensitive information. If an attacker sends a URL request for a known JavaServer Pages (JSP) file with "dot" and "space" characters appended to the file extension, the requested file's source code will be returned.

Remedy:

Upgrade to the latest version of Orion Application Server (2.0.7 or later), available from the Orion Web site. See References.
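
For servers that cannot be upgraded immediately, access logs can be checked for the request shape in the Description. The following is an added example, not part of the advisory or of any Orion tooling: it assumes Common Log Format access logs, treats any trailing run of dots and spaces after ".jsp" as suspect, and uses hypothetical function names with constructed sample lines.

```python
import re
from urllib.parse import unquote

# Request line and status inside a Common/Combined Log Format entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>.+?) HTTP/[\d.]+" (?P<status>\d{3})')
# Decoded path that ends in ".jsp" followed by at least one dot or space.
TRAILING_RE = re.compile(r'\.jsp[. ]+\Z', re.IGNORECASE)


def decode_path(target):
    """Drop the query string and fragment, then percent-decode the path once."""
    path = target.split('?', 1)[0].split('#', 1)[0]
    return unquote(path)


def find_suspect_requests(log_lines):
    """Return (decoded_path, status) for each request matching the advisory's pattern.

    A 200 status on a hit means the server answered the request and the
    response should be reviewed for returned JSP source.
    """
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        path = decode_path(match.group('target'))
        if TRAILING_RE.search(path):
            hits.append((path, int(match.group('status'))))
    return hits


# Constructed sample log lines (documentation address range, invented paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Mar/2006:10:00:01 +0000] "GET /index.jsp HTTP/1.1" 200 5120',
    '192.0.2.44 - - [23/Mar/2006:10:00:07 +0000] "GET /index.jsp.%20 HTTP/1.1" 200 2310',
    '192.0.2.44 - - [23/Mar/2006:10:00:09 +0000] "GET /admin/login.jsp.%20?x=1 HTTP/1.1" 404 310',
    '192.0.2.10 - - [23/Mar/2006:10:00:12 +0000] "GET /docs/file.jsp.txt HTTP/1.1" 200 88',
]

if __name__ == '__main__':
    for path, status in find_suspect_requests(SAMPLE_LOG):
        print(f'{status} {path!r}')
```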


References:

Secunia Research 23/03/2006
Orion Application Server JSP Source Disclosure Vulnerability
http://secunia.com/secunia_research/2006-11/advisory/

SA18950
Orion Application Server JSP Source Disclosure Vulnerability
http://secunia.com/advisories/18950/

Orion Web site
Orion Application Server
http://www.orionserver.com/

ISS X-Force
Orion Application Server JSP source code disclosure
http://www.iss.net/security_center/static/25405.php

CVE
CVE-2006-0816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0816

