Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
'/WEB-INF/' Information Disclosure Vulnerability (HTTP)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Various application or web servers / products are prone to an information disclosure vulnerability.
Insight
Insight
The servlet specification prohibits servlet containers from serving resources in the '/WEB-INF' and '/META-INF' directories of a web application archive directly to clients. This means that URLs like: http://example.com/WEB-INF/web.xml will return an error message, rather than the contents of the deployment descriptor. However, some application or web servers / products are prone to a vulnerability that still exposes this information if the client requests the URL directly.
Affected Software
Affected Software
The following products are known to be affected: - Grails Resources plugin 1.0.0 to 1.2.5 as used in Grails 2.0.0 to 2.3.6. - Novell Web Manager on Novell NetWare 6.5. Other products might be affected as well.
Detection Method
Detection Method
Sends a crafted HTTP GET request and checks the response.
Solution
Solution
The following vendor fixes are known: - Update the Grails Resources plug-in to 1.2.6 or later. - Update Novell Web Manager to Support Pack 2 (NW6.5 SP2) or later. For other products please contact the vendor for more information on possible fixes.