Description
Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message.
Remediation
References
Related Vulnerabilities
Atlassian Jira Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26137)
MySQL CVE-2022-21637 Vulnerability (CVE-2022-21637)
WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.24)
WordPress Plugin Click to Copy Grab Box Multiple Cross-Site Scripting Vulnerabilities (0.1.1)