Simon Ryeo has reported a vulnerability in TmaxSoft JEUS, which can be exploited by malicious people to disclose sensitive information.
The vulnerability is caused due to the web server improperly handling requests for alternate data streams. This can be exploited to disclose the source code of a JSP script via a specially crafted HTTP request.
Successful exploitation requires that the web root is placed on an NTFS file system.
Solution: Apply Fix 26 or update to a patched version. Please contact the vendor for more information.
Provided and/or discovered by: Simon Ryeo
Original Advisory: http://milw0rm.com/exploits/7442
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org