Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.
Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET.
IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as (1) upper case letters or (2) 8.3 file names.
Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some ...