Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in Remote Console Applet in Halycon Software iASP 1.0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request to port 9095.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Halcyon Software iASP远程文件泄露漏洞
Vulnerability Description
Instant ASP是一款轻便的动态服务器构架,能让开发者将Active Server Pages(ASP)在任何一个支持Java的Web服务器或应用程序服务器之上配置。 Instant ASP包含的远程控制台Applet对用户请求缺少充分过滤,远程攻击者可以利用这个漏洞对系统进行目录遍历攻击,以iASP进程权限查看系统任意文件。 攻击者可以向远程控制台Applet监听的9095端口提交包含多个'../'字符的请求,由于过滤检查不充分,可以绕过目录限制,以iASP进程权限查看系统任意文件。这可以帮助攻击
CVSS Information
N/A
Vulnerability Type
N/A