SecurityTracker.com

Category:   Application (Web Server/CGI)  >   Resin
Vendors:   Caucho Technology
Resin Web Server Discloses JSP Source Code to Remote Users
SecurityTracker Alert ID:  1009003
SecurityTracker URL:  http://securitytracker.com/id/1009003
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Feb 10 2004
Impact:   Disclosure of system information, Disclosure of user information
Exploit Included:  Yes  
Version(s): 2.1.12
Description:   A vulnerability was reported in the Resin web server. A remote user can view JSP source code and gain access to a restricted directory.

lovehacker reported that a remote user can supply the following type of URL to view the JSP source code of a specified file:

http://[target]/index.jsp%20

It is also reported that a remote user can obtain a listing of the restricted '/WEB-INF/' directory with the following URL:

http://[target]/WEB-INF../

Impact:   A remote user can view JSP source code. A remote user can obtain a directory listing for the '/WEB-INF/' directory.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.caucho.com/
Cause:   Access control error
Underlying OS:  Windows (NT), Windows (2000)

Message History:   None.


 Source Message Contents

Subject:  Apache Http Server Reveals Script Source Code to Remote Users And




TOPIC:
======
Apache + Resin Reveals JSP Source Code to Remote Users And Any Users Can Access Resin Forbidden Directory ("/WEB-INF/")

Description:
============
A security vulnerability has been found in Windows NT/2000 systems that have Apache 1.3.29 + Resin 2.1.12 installed. The vulnerability allows remote users to view script source code and access files in the forbidden directory.

Exploits:
=========
http://apache/index.jsp%20
It is possible to cause the Apache server to send back the content of index.jsp.

http://apache/WEB-INF../
It is possible to cause the Apache server to send back the list of "/WEB-INF/" Directory.

Analyze:
========
1. Apache thinks "/WEB-INF../" is not equal to "/WEB-INF/", so it finds this directory by itself.
2. The "/WEB-INF/" directory is not forbidden in the Apache config files.
3. "d:\resin\doc\>cd WEB-INF.." is legit on Windows systems.

Sorry for my poor English.

lovehacker
China


CHINESE:
========
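There are two problems with installing Apache and Resin on Windows to support JSP or Servlets. First, it may lead to disclosure of JSP [...]

By combining the two problems above, an intruder can easily obtain important information such as database passwords. First, [...] after decompiling the Java we can see the important information in it.

Why does this problem occur? It is actually similar to the first Apache vulnerability I found (using %5c to access files outside the web directory): both arise because Apache was developed on UNIX and then ported to Windows. *NIX does not [...] found it, and because the Apache configuration does not forbid access to the files in that directory, Apache read out the contents of the file.

I am no expert; if anything here is incorrect, please point it out. Wishing everyone a prosperous 2004!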

lovehacker
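
Added example (not part of the advisory or the original message): a log check built on the "Analyze" points above, flagging request paths that differ as strings from a protected name but that Windows resolves to the same file once trailing dots and spaces are dropped. The protected-name list, function names and sample log lines are assumptions constructed for illustration, and the check is applied to every path segment, which goes slightly beyond the two URLs reported.

```python
import re
from urllib.parse import unquote

# Assumption for this example: names the front-end must never serve raw.
PROTECTED_DIRS = {"web-inf"}
SCRIPT_EXTS = (".jsp",)

# Request target inside a Common Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) [^"]*"')

def win32_name(segment):
    """Name Windows resolves: trailing dots/spaces dropped, case-insensitive."""
    return segment.rstrip(". ").lower()

def classify(raw_target):
    """Return a finding label for a percent-encoded request target, or None."""
    path = unquote(raw_target.split("?", 1)[0])
    for segment in re.split(r"[\\/]", path):
        canon = win32_name(segment)
        if not canon or canon == segment.lower():
            continue  # empty, "." / "..", or a name Windows would not rewrite
        if canon in PROTECTED_DIRS:
            return "protected-dir-alias"
        if canon.endswith(SCRIPT_EXTS):
            return "script-source-alias"
    return None

def scan(log_lines):
    """Return (target, finding) for every log line whose target is an alias."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        finding = classify(m.group(1)) if m else None
        if finding:
            hits.append((m.group(1), finding))
    return hits

# Constructed sample access-log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Feb/2004:09:00:01 +0800] "GET /index.jsp HTTP/1.0" 200 812',
    '192.0.2.77 - - [10/Feb/2004:09:00:05 +0800] "GET /index.jsp%20 HTTP/1.0" 200 2290',
    '192.0.2.77 - - [10/Feb/2004:09:00:09 +0800] "GET /WEB-INF../ HTTP/1.0" 200 640',
    '192.0.2.10 - - [10/Feb/2004:09:00:12 +0800] "GET /docs/release-2.1./notes.txt HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    for target, finding in scan(SAMPLE_LOG):
        print(f"{finding:22} {target}")
```

The same canonicalisation can be applied before access rules are evaluated, so that the deny rule for "/WEB-INF/" is matched against the name the file system will actually open.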

 
 



Copyright 2021, SecurityGlobal.net LLC