Home page logo
/

bugtraq logo Bugtraq mailing list archives

RESIN ServletExec JSP Source Disclosure Vulnerability(Apache 1.3.6 Win2k))
From: benjurry <benjurry () YEAH NET>
Date: Thu, 23 Nov 2000 13:11:38 +0800

Resintm serves the fastest servlets and JSP. With Java and JavaScript support, Resin gives web applications the 
flexibility to choose the right language for the task. Resin's leading XSL (XML stylesheet language) support encourages 
separation of content from formatting. 
Resin provides a fast servlet runner for Apache, allowing Apache to run servlets and JSP files. 

But On Resin1.2(maybe Resin1.1 also) with Win32(Win2k Simplify Chinese version)Apache ,ServletExec will return the 
source code of JSP files when a HTTP request is appended with one of the following characters:

".."
"%2e.."
"%81"
"%82"
........


"%fe"
For example, the following URL will display the source of the specified JSP file:

http://benjurry/benjurry.jsp..

http://benjurry/benjurry.jsp%81

Successful exploitation could lead to the disclosure of sensitive information contained within JSP pages.



Solution:

I have reported this bug to the vendor,but they do nothing about it.



Benjurry
benjurry () 263 net
2000.11.22

Share what I konw,Learn what I don't



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault