New Atlanta Communications : Security Vulnerabilities, CVEs,
Cross-site scripting (XSS) vulnerability in BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to inject arbitrary web script or HTML via the filename in a request to a (1) .cfm or (2) .cfml file, which reflects the result in the default error page.
Max CVSS
2.6
EPSS Score
0.29%
Published
2006-06-26
Updated
2011-03-08
BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to cause a denial of service (hang) via a request for a .cfm file whose name contains an MS-DOS device name such as (1) con, (2) aux, (3) com1, and (4) com2.
Max CVSS
5.0
EPSS Score
2.96%
Published
2006-06-26
Updated
2011-03-08
NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a denial of service (crash) via (1) a request for a long .jsp file, or (2) a long URL sent directly to com.newatlanta.servletexec.JSP10Servlet.
Max CVSS
5.0
EPSS Score
1.16%
Published
2002-10-04
Updated
2008-09-05
Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to read arbitrary files via a URL-encoded request to com.newatlanta.servletexec.JSP10Servlet containing "..%5c" (modified dot-dot) sequences.
Max CVSS
5.0
EPSS Score
0.62%
Published
2002-10-04
Updated
2008-09-05
The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to determine the path of the web root via a direct request to com.newatlanta.servletexec.JSP10Servlet without a filename, which leaks the pathname in an error message.
Max CVSS
5.0
EPSS Score
1.07%
Published
2002-10-04
Updated
2008-09-05
5 vulnerabilities found