CVE-2002-0892

NewAtlanta ServletExec ISAPI 4.1 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0892. PoCs published by Matt Moore.

AI-analyzed exploit summary The provided text describes an information disclosure vulnerability in ServletExec/ISAPI where a specially crafted request without a trailing filename reveals the absolute path to the webroot directory. This is not a functional exploit but rather a description of the vulnerability and its impact.

Description

The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to determine the path of the web root via a direct request to com.newatlanta.servletexec.JSP10Servlet without a filename, which leaks the pathname in an error message.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Matt Moore · textremotewindows

https://www.exploit-db.com/exploits/21469

View Code ZIP pw:eip

The provided text describes an information disclosure vulnerability in ServletExec/ISAPI where a specially crafted request without a trailing filename reveals the absolute path to the webroot directory. This is not a functional exploit but rather a description of the vulnerability and its impact.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: ServletExec/ISAPI (version not specified)

No auth needed

Prerequisites: Access to the target web server

MITRE ATT&CK