Blazix before 1.2.2 allows remote attackers to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a (1) "+" or (2) "\" (backslash) character.

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

• S9 – Sabotage of System/App

EPSS

Score: 0.05784
Percentile: 0.90087

CVSS Scoring

Affected Products

• cpe:2.3:a:desiderata_software:blazix:1.2:*:*:*:*:*:*:*
• cpe:2.3:a:desiderata_software:blazix:1.2.1:*:*:*:*:*:*:*

← Back to Home