Users login

Create an account »


Users login

Home » Hacking News » GNUJSP File Disclosure Vulnerability

GNUJSP File Disclosure Vulnerability

by Nikola Strahija on February 23rd, 2002 GNUJSP is a freely available, open-source implementation of Sun's Java Server Pages. It will run on most Unix and Linux variants, as well as Microsoft Windows NT/2000 operating systems.

It has been reported that a remote attacker may disclose the contents of directories via a specially crafted web request. This may be exploited to list directories, read the contents of arbitrary web-readable files, and disclose script source code. The attacker simply appends the name of the directory and/or file to be disclosed to a web request for /servlets/gnujsp/.

It should be noted that this may allow an attacker to circumvent .htaccess files.

This issue may be the result of a configuration error.

Remote: Yes

Exploit: The following example was submitted:


Solution: Upgrades are available.


Debian Upgrade gnujsp_1.0.0-5_all.deb


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »