Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Blazix before 1.2.2 allows remote attackers to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a (1) "+" or (2) "\" (backslash) character.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Blazix特殊字符处理源代码泄露漏洞
Vulnerability Description
Blazix是一款免费开放源代码的由JAVA编写的WEB服务程序,可使用在Linux和Microsoft Windows操作系统下。 Blazix没有很正确的处理包含特殊字符的请求,远程攻击者可以利用这个漏洞获得.jsp脚本的源代码。 Blazix的API在打开文件时对文件名中包含的特殊字符'+'和'\'(不是%2b和%5c)没有进行正确的解析,攻击者可以在请求的.jsp脚本文件名后追加'+'或者'\'字符,可导致获得脚本的源代码信息,其中可能包含部分密码等敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A