JSP authentication bypass

Description
  • Manual confirmation is required for this alert.
  • Your web application is restricting access to this .jsp file using Basic Authentication. It looks like Acunetix managed to bypass this restriction by replacing the .jsp extension with .jsp;.css.
Remediation
  • Review your authentication rules and make sure that files that end with .jsp;.css cannot bypass the authentication.
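
The following is an added example, not Acunetix's code or part of the original alert text: it shows why a rule that matches on the raw path suffix misses .jsp;.css, and a check that removes path parameters before matching. It assumes the servlet container ignores the ";.css" path parameter when it selects the JSP to run; the function names, the rule set and the sample paths are hypothetical.

```python
from urllib.parse import unquote

# Hypothetical rule set: path suffixes that must sit behind authentication.
PROTECTED_SUFFIXES = (".jsp",)


def naive_requires_auth(raw_path: str) -> bool:
    """Weak rule: compares the suffix of the raw request target."""
    return raw_path.endswith(PROTECTED_SUFFIXES)


def strip_path_params(raw_path: str) -> str:
    """Return the path with the query string and every ';param' part removed.

    Percent-decoding happens first, so an encoded ';' (%3B) is stripped too.
    That is deliberately conservative: it can only protect more paths.
    """
    path = unquote(raw_path.split("?", 1)[0])
    return "/".join(segment.split(";", 1)[0] for segment in path.split("/"))


def requires_auth(raw_path: str) -> bool:
    """Hardened rule: match on the path the container is assumed to resolve."""
    return strip_path_params(raw_path).endswith(PROTECTED_SUFFIXES)


def find_rule_gaps(paths):
    """Paths the hardened rule protects but the naive rule lets through."""
    return [p for p in paths if requires_auth(p) and not naive_requires_auth(p)]


# Constructed sample request paths for reviewing a rule set offline.
SAMPLE_PATHS = [
    "/admin/report.jsp",
    "/admin/report.jsp;.css",
    "/admin/report.jsp;.css?x=1",
    "/admin;v=1/report.jsp",
    "/static/site.css",
]

if __name__ == "__main__":
    for gap in find_rule_gaps(SAMPLE_PATHS):
        print("unauthenticated under naive rule:", gap)
```
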