[Original text] Blazix Web Server before 1.2.6, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot), (2) space, and (3) slash characters in the extension of a URL.
Blazix Web Server Crafted Filename Extension JSP Source Disclosure
Remote / Network Access
Loss of Confidentiality
Blazix Web Server contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a remote attacker requests a crafted file name, which discloses the JSP script source code and results in a loss of confidentiality.
Upgrade to version 1.2.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
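Until the upgrade is in place, access logs can be reviewed for the request shape described above. The following is an added example, not part of the original advisory or the vendor's code: it assumes Common Log Format access logs and that the dot, space, or slash padding follows the `.jsp` extension; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a Common Log Format entry; the target may hold raw spaces.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>.*?) HTTP/[\d.]+"')
PADDING = "./ "  # the three characters named in the advisory


def is_padded_jsp(target: str) -> bool:
    """True if the path is a .jsp name followed by dot/space/slash padding."""
    path = unquote(target.split("?", 1)[0])  # drop query, decode %2e %20 %2f
    stripped = path.rstrip(PADDING)
    return stripped != path and stripped.lower().endswith(".jsp")


def suspicious_requests(log_lines):
    """Return (client, request-target) pairs that match the padded-JSP shape."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and is_padded_jsp(m.group("target")):
            hits.append((line.split(" ", 1)[0], m.group("target")))
    return hits


# Constructed sample data (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2003:10:00:00 +0000] "GET /index.jsp HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Jan/2003:10:00:05 +0000] "GET /index.jsp. HTTP/1.0" 200 2048',
    '198.51.100.7 - - [01/Jan/2003:10:00:06 +0000] "GET /login.JSP%20 HTTP/1.0" 200 1900',
    '198.51.100.7 - - [01/Jan/2003:10:00:07 +0000] "GET /cart.jsp/?id=3 HTTP/1.0" 200 1750',
    '192.0.2.10 - - [01/Jan/2003:10:00:09 +0000] "GET /docs/ HTTP/1.0" 200 300',
    '192.0.2.10 - - [01/Jan/2003:10:00:10 +0000] "GET /img/logo.gif HTTP/1.0" 200 4096',
]

if __name__ == "__main__":
    for client, target in suspicious_requests(SAMPLE_LOG):
        print(f"{client} requested {target!r}")
```

A 200 response to a flagged request on a pre-1.2.6 Windows install is worth treating as possible source disclosure; credentials or connection strings embedded in that JSP should be rotated.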