JSP authentication bypass

Description
  • Manual confirmation is required for this alert.

    Your web application is restricting access to this .jsp file using Basic Authentication. It looks like Acunetix managed to bypass this restriction by replacing the .jsp extension with .jsp;.css.
Remediation
  • Review your authentication rules and make sure that files that end with .jsp;.css cannot bypass the authentication.