CVE-2005-1112
Published: 2005-05-02
Severity: medium, 5 (CVSS 3.1)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | websphere_application_server | — | — |
No detection rules found.
Exploit-DB
IBM Websphere 5.0/5.1/6.0 - Application Server Web Server Root JSP Source Code Disclosure
exploitdb·2005-04-13
---
source: https://www.securityfocus.com/bid/13160/info
A remote JSP source disclosure vulnerability reportedly affects the IBM WebSphere Application Server. This issue is due to a failure of the application to properly handle various requests under certain circumstances.
It should be noted that this issue only arises when the Web server and application server root directories reside in the same location; this is not the default configuration.
An attacker may leverage this issue to disclose JSP source code, facilitating code theft as well as potential further attacks.
```
GET /index.jsp HTTP/1.0
Host: NonExistentHost
```
Exploit-DB
Magic Winmail Server 4.0 (Build 1112) - 'download.php' Traversal Arbitrary File Access
exploitdb·2005-01-27
---
source: https://www.securityfocus.com/bid/12388/info
Magic Winmail Server is reportedly affected by multiple vulnerabilities.
There are two distinct directory traversal vulnerabilities in the Webmail interface allowing both arbitrary file downloads and uploads. There is also an HTML injection vulnerability in the Webmail interface that could lead to the theft of the administrator's session cookie.
There are several directory traversal vulnerabilities in the IMAP service commands which could permit a malicious user to read arbitrary emails, create or delete arbitrary files on the server and possibly retrieve arbitrary files from the server.
Magic Winmail Server's FTP service also reportedly fails
Exploit-DB
Magic Winmail Server 4.0 (Build 1112) - 'upload.php' Traversal Arbitrary File Upload
exploitdb·2005-01-27
No writeups or analysis indexed.
References
http://marc.info/?l=bugtraq&m=111342594129109&w=2
http://secunia.com/advisories/14962
http://securitytracker.com/id?1013697
http://www.osvdb.org/15501
http://www.securityfocus.com/bid/13160
https://exchange.xforce.ibmcloud.com/vulnerabilities/20099