CVE-2002-1451

Blazix - Unauthenticated Source Code Disclosure via Trailing '+' or '\' Character

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2002-1451. PoCs published by Auriemma Luigi.

AI-analyzed exploit summary The exploit describes a directory traversal vulnerability in Blazix web server where special characters appended to requests can bypass password protection, leading to information disclosure.

Description

Blazix before 1.2.2 allows remote attackers to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a (1) "+" or (2) "\" (backslash) character.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Auriemma Luigi · textremotemultiple
https://www.exploit-db.com/exploits/21752

The exploit describes a directory traversal vulnerability in Blazix web server where special characters appended to requests can bypass password protection, leading to information disclosure.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Blazix web server
No auth needed
Prerequisites: Access to the Blazix web server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Auriemma Luigi · textremotemultiple
https://www.exploit-db.com/exploits/21751

The exploit describes a path traversal vulnerability in Blazix web server where appending a '+' or '\' to a .jsp file request may reveal the file's source code. This is due to improper handling of special characters in file paths.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Blazix web server (version not specified)
No auth needed
Prerequisites: Access to the Blazix web server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9952.php
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-08/0259.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5567
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5566

Scores

EPSS 0.0828
EPSS Percentile 94.2%

Details

Status published
Products (2)
desiderata_software/blazix 1.2
desiderata_software/blazix 1.2.1
Published Aug 24, 2002
Tracked Since Feb 18, 2026