CVE-1999-1082

Jana Proxy Web Server 1.40 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-1082.

AI-analyzed exploit summary The exploit demonstrates a directory traversal vulnerability in the Jana webserver by using multiple dots in the URL to access files outside the webroot, such as win.ini or autoexec.bat. The attack leverages improper path sanitization to bypass intended access restrictions.

Description

Directory traversal vulnerability in Jana proxy web server 1.40 allows remote attackers to ready arbitrary files via a "......" (modified dot dot) attack.

Exploits (1)

exploitdb WORKING POC

remotewindows

https://www.exploit-db.com/exploits/19540

View Code ZIP pw:eip

The exploit demonstrates a directory traversal vulnerability in the Jana webserver by using multiple dots in the URL to access files outside the webroot, such as win.ini or autoexec.bat. The attack leverages improper path sanitization to bypass intended access restrictions.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Jana webserver

No auth needed

Prerequisites: Network access to the target webserver

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=93941794201059&w=2

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/699

Scores

EPSS 0.0663

EPSS Percentile 93.0%

Details

Status published

Products (4)

t._hauck/jana_web_server 1.0

t._hauck/jana_web_server 1.40

t._hauck/jana_web_server 1.45

t._hauck/jana_web_server 1.46

Published Oct 08, 1999

Tracked Since Feb 18, 2026