Bugtraq ID 1328
Class Design Error
CVE CVE-2000-0499
Remote Yes
Local Yes
Published June 08, 2000
Updated November 10, 2000
Vulnerable BEA Systems Weblogic 4.5.1
-Microsoft Windows NT 4.0
BEA Systems Weblogic 4.0.4
-Microsoft Windows NT 4.0
BEA Systems Weblogic 3.1.8
-Microsoft Windows NT 4.0
IBM Websphere Application Server 3.0.21
-Sun Solaris 8.0
-Microsoft Windows NT 4.0
-Linux kernel 2.3.x
-IBM AIX 4.3
Unify eWave ServletExec 3.0
-Sun Solaris 8.0
-Microsoft Windows 98
-Microsoft Windows NT 4.0
-Microsoft Windows NT 2000
-Linux kernel 2.3.x
-IBM AIX 4.3.2
-HP HP-UX 11.4
The issue arises when a web server is case-sensitive but its extension mappings do not cover every possible combination of upper and lower case.
If the letters in a JSP or JHTML file extension in a URL are changed from lower case to upper case (e.g. .jsp or .jhtml becomes .JSP or .JHTML), the server does not recognize the file extension and sends the file normally. In that manner, a user is able to access the source code of those specific files.
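The following is an added example, not code from the advisory or from any of the affected products. It models the exact-match extension lookup described above beside a normalized lookup, and flags access-log requests whose extension is a case variant of a mapped one. The handler names, the `MAPPED` table and the log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import urlsplit, unquote

# Extensions the servlet engine is meant to execute (handler names are hypothetical).
MAPPED = {".jsp": "jsp-engine", ".jhtml": "jhtml-engine"}

def resolve_handler(path, normalize):
    """Return the handler a server would pick for `path`.

    normalize=False models the flawed exact-match lookup; normalize=True
    lower-cases the extension first, so case variants reach the same handler.
    """
    ext = posixpath.splitext(path)[1]
    if normalize:
        ext = ext.lower()
    return MAPPED.get(ext, "static-file")  # static-file returns the raw source

# Request line and status code from a Common Log Format entry.
CLF = re.compile(r'"(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3})')

def suspicious_requests(log_lines):
    """Yield (path, status) for requests whose extension is a case variant
    of a mapped extension, i.e. ones an exact-match lookup would serve raw."""
    for line in log_lines:
        m = CLF.search(line)
        if not m:
            continue
        path = unquote(urlsplit(m.group(1)).path)  # drop query, decode %xx
        ext = posixpath.splitext(path)[1]
        if ext.lower() in MAPPED and ext not in MAPPED:
            yield path, int(m.group(2))

# Constructed sample access-log lines (not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Jun/2000:10:00:01 +0000] "GET /app/login.jsp HTTP/1.0" 200 512',
    '192.0.2.11 - - [08/Jun/2000:10:00:05 +0000] "GET /app/login.JSP HTTP/1.0" 200 2048',
    '192.0.2.11 - - [08/Jun/2000:10:00:09 +0000] "GET /app/cart.JHtml?id=1 HTTP/1.0" 404 0',
    '192.0.2.12 - - [08/Jun/2000:10:00:12 +0000] "GET /img/logo.gif HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for path, status in suspicious_requests(SAMPLE_LOG):
        print(status, path, resolve_handler(path, False), resolve_handler(path, True))
```

A flagged request that returned status 200 is the case to review first, since that is where the file may have been sent as source.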