Description

Manual confirmation is required for this alert.

Your web application is restricting access to this .jsp file using Basic Authentication. It looks like Acunetix managed to bypass this restriction by replacing the .jsp extension with .jsp;.css.

Remediation

Review your authentication rules and make sure that files that end with .jsp;.css cannot bypass the authentication.

References

OWASP - Path Traversal

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)

Related Vulnerabilities

Joomla! Core 3.x.x Security Bypass (3.2.0 - 3.9.4)

Joomla! Core 1.0.x Security Bypass (1.0.0 - 1.0.10)

WordPress Plugin Post Grid Gutenberg Blocks and WordPress Blog-PostX Security Bypass (4.1.2)

WordPress Plugin WooCommerce Smart Coupons Security Bypass (4.6.0)

WordPress Plugin WP User Manager-User Profile Builder & Membership Security Bypass (2.6.2)

Severity

High

Classification

CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Abuse Of Functionality Authentication Bypass