Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root directory via a GET request with a relative path that includes the root's parent, which generates a 403 error message if the parent is incorrect, but a normal response if the parent is correct.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Joe Testa hellbent可利用相对路径猜测Web安装目录漏洞
Vulnerability Description
hellbent是一个由Joe Testa维护的Java服务器程序。 hellbent实现上存在问题,远程攻击者可能利用这个问题猜测到Web目录的安装路径。 如果hellbent收到在请求中包含"../"字串的相对目录,当情况是先出Web目录,然后再进回到Web目录时,服务器会回应200 OK消息,如果情况是先出Web目录,而没有再进回到正确的Web目录时,服务器会回应403 Forbidden消息。因此对攻击者来说,通过暴力猜测可能得到Web的安装目录信息。
CVSS Information
N/A
Vulnerability Type
N/A