Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: Errors displayed on a web server

Errors displayed on a web server

From: Bénoni MARTIN <Benoni.MARTIN_at_libertis.ga>
Date: Tue, 5 Jul 2005 15:18:30 +0100

Hi list,

I am currently performing a pen-test on a company's web server, and I found the following error display when testing some random-generated URLs. It seems to be some Java code, but as I do not know this language, anyone skilled on tha can tell me if this stuff can be useful for further attacks or not (the real company name has been hidden behind ****)?

<---------- // Snip ---------->

A recursive error was detected.
The server cannot use specified error page. Please check the application error-path.

Original Error:
Error Message: File not found: //profile*
Error Code: 404
Target Servlet: File Serving Enabler
Error Stack:

--------------------------------------------------------------------------------
Root Error-1: File not found: //profile*

com.ibm.servlet.engine.webapp.WebAppErrorReport: File not found: //profile*
        at java.lang.Throwable.fillInStackTrace(Native Method)
        at java.lang.Throwable.fillInStackTrace(Compiled Code)
        at java.lang.Throwable.<init>(Compiled Code)
        at java.lang.Exception.<init>(Compiled Code)
        at javax.servlet.ServletException.<init>(Compiled Code)
        at com.ibm.websphere.servlet.error.ServletErrorReport.<init>(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebAppErrorReport.<init>(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebAppDispatcherResponse.sendError(Compiled Code)
        at com.ibm.servlet.engine.webapp.SimpleFileServlet.doGet(Compiled Code)
        at javax.servlet.http.HttpServlet.service(Compiled Code)
        at javax.servlet.http.HttpServlet.service(Compiled Code)
        at com.ibm.servlet.engine.webapp.StrictServletInstance.doService(Compiled Code)
        at com.ibm.servlet.engine.webapp.StrictLifecycleServlet._service(Compiled Code)
        at com.ibm.servlet.engine.webapp.IdleServletState.service(Compiled Code)
        at com.ibm.servlet.engine.webapp.StrictLifecycleServlet.service(Compiled Code)
        at com.ibm.servlet.engine.webapp.ServletInstance.service(Compiled Code)
        at com.ibm.servlet.engine.webapp.ValidServletReferenceState.dispatch(Compiled Code)
        at com.ibm.servlet.engine.webapp.ServletInstanceReference.dispatch(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.handleWebAppDispatch(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.dispatch(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.forward(Compiled Code)
        at com.ibm.servlet.engine.srt.WebAppInvoker.handleInvocationHook(Compiled Code)
        at com.ibm.servlet.engine.invocation.CachedInvocation.handleInvocation(Compiled Code)
        at com.ibm.servlet.engine.srp.ServletRequestProcessor.dispatchByURI(Compiled Code)
        at com.ibm.servlet.engine.oselistener.OSEListenerDispatcher.service(Compiled Code)
        at com.ibm.servlet.engine.oselistener.SQEventListenerImp$ServiceRunnable.run(Compiled Code)
        at com.ibm.servlet.engine.oselistener.SQEventListenerImp.notifySQEvent(Compiled Code)
        at com.ibm.servlet.engine.oselistener.serverqueue.SQEventSource.notifyEvent(Compiled Code)
        at com.ibm.servlet.engine.oselistener.serverqueue.SQWrapperEventSource$SelectRunnable.notifyService(Compiled Code)
        at com.ibm.servlet.engine.oselistener.serverqueue.SQWrapperEventSource$SelectRunnable.run(Compiled Code)
        at com.ibm.servlet.engine.oselistener.outofproc.OutOfProcThread$CtlRunnable.run(Compiled Code)
        at java.lang.Thread.run(Thread.java:479)

Recursive Error:
Error Message: Server caught unhandled exception from servlet [Srv***********]: Requested path : /ga/profile* is not deliverd by this application !
Error Code: 0
Target Servlet: null
Error Stack:

--------------------------------------------------------------------------------
Root Error-1: Requested path : /ga/profile* is not deliverd by this application !

javax.servlet.ServletException: Requested path : /ga/profile* is not deliverd by this application !
        at java.lang.Throwable.fillInStackTrace(Native Method)
        at java.lang.Throwable.fillInStackTrace(Compiled Code)
        at java.lang.Throwable.<init>(Compiled Code)
        at java.lang.Exception.<init>(Compiled Code)
        at javax.servlet.ServletException.<init>(Compiled Code)
        at com.***********.fo.engine.Srv***********.doPost(Compiled Code)
        at com.***********.fo.engine.Srv***********.doGet(Compiled Code)
        at javax.servlet.http.HttpServlet.service(Compiled Code)
        at javax.servlet.http.HttpServlet.service(Compiled Code)
        at com.ibm.servlet.engine.webapp.StrictServletInstance.doService(Compiled Code)
        at com.ibm.servlet.engine.webapp.StrictLifecycleServlet._service(Compiled Code)
        at com.ibm.servlet.engine.webapp.IdleServletState.service(Compiled Code)
        at com.ibm.servlet.engine.webapp.StrictLifecycleServlet.service(Compiled Code)
        at com.ibm.servlet.engine.webapp.ServletInstance.service(Compiled Code)
        at com.ibm.servlet.engine.webapp.ValidServletReferenceState.dispatch(Compiled Code)
        at com.ibm.servlet.engine.webapp.ServletInstanceReference.dispatch(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.handleWebAppDispatch(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.dispatch(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.include(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebApp.sendError(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebAppDispatcherResponse.sendError(Compiled Code)
        at com.ibm.servlet.engine.webapp.SimpleFileServlet.doGet(Compiled Code)
        at javax.servlet.http.HttpServlet.service(Compiled Code)
        at javax.servlet.http.HttpServlet.service(Compiled Code)
        at com.ibm.servlet.engine.webapp.StrictServletInstance.doService(Compiled Code)
        at com.ibm.servlet.engine.webapp.StrictLifecycleServlet._service(Compiled Code)
        at com.ibm.servlet.engine.webapp.IdleServletState.service(Compiled Code)
        at com.ibm.servlet.engine.webapp.StrictLifecycleServlet.service(Compiled Code)
        at com.ibm.servlet.engine.webapp.ServletInstance.service(Compiled Code)
        at com.ibm.servlet.engine.webapp.ValidServletReferenceState.dispatch(Compiled Code)
        at com.ibm.servlet.engine.webapp.ServletInstanceReference.dispatch(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.handleWebAppDispatch(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.dispatch(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.forward(Compiled Code)
        at com.ibm.servlet.engine.srt.WebAppInvoker.handleInvocationHook(Compiled Code)
        at com.ibm.servlet.engine.invocation.CachedInvocation.handleInvocation(Compiled Code)
        at com.ibm.servlet.engine.srp.ServletRequestProcessor.dispatchByURI(Compiled Code)
        at com.ibm.servlet.engine.oselistener.OSEListenerDispatcher.service(Compiled Code)
        at com.ibm.servlet.engine.oselistener.SQEventListenerImp$ServiceRunnable.run(Compiled Code)
        at com.ibm.servlet.engine.oselistener.SQEventListenerImp.notifySQEvent(Compiled Code)
        at com.ibm.servlet.engine.oselistener.serverqueue.SQEventSource.notifyEvent(Compiled Code)
        at com.ibm.servlet.engine.oselistener.serverqueue.SQWrapperEventSource$SelectRunnable.notifyService(Compiled Code)
        at com.ibm.servlet.engine.oselistener.serverqueue.SQWrapperEventSource$SelectRunnable.run(Compiled Code)
        at com.ibm.servlet.engine.oselistener.outofproc.OutOfProcThread$CtlRunnable.run(Compiled Code)
        at java.lang.Thread.run(Thread.java:479)

--------------------------------------------------------------------------------
Wrapped Error-2: Server caught unhandled exception from servlet [Srv***********]: Requested path : /ga/profile* is not deliverd by this application !

com.ibm.servlet.engine.webapp.UncaughtServletException: Server caught unhandled exception from servlet [Srv***********]: Requested path : /ga/profile* is not deliverd by this application !
        at java.lang.Throwable.fillInStackTrace(Native Method)
        at java.lang.Throwable.fillInStackTrace(Compiled Code)
        at java.lang.Throwable.<init>(Compiled Code)
        at java.lang.Exception.<init>(Compiled Code)
        at javax.servlet.ServletException.<init>(Compiled Code)
        at com.ibm.websphere.servlet.error.ServletErrorReport.<init>(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebAppErrorReport.<init>(Compiled Code)
        at com.ibm.servlet.engine.webapp.UncaughtServletException.<init>(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.handleWebAppDispatch(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.dispatch(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.include(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebApp.sendError(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebAppDispatcherResponse.sendError(Compiled Code)
        at com.ibm.servlet.engine.webapp.SimpleFileServlet.doGet(Compiled Code)
        at javax.servlet.http.HttpServlet.service(Compiled Code)
        at javax.servlet.http.HttpServlet.service(Compiled Code)
        at com.ibm.servlet.engine.webapp.StrictServletInstance.doService(Compiled Code)
        at com.ibm.servlet.engine.webapp.StrictLifecycleServlet._service(Compiled Code)
        at com.ibm.servlet.engine.webapp.IdleServletState.service(Compiled Code)
        at com.ibm.servlet.engine.webapp.StrictLifecycleServlet.service(Compiled Code)
        at com.ibm.servlet.engine.webapp.ServletInstance.service(Compiled Code)
        at com.ibm.servlet.engine.webapp.ValidServletReferenceState.dispatch(Compiled Code)
        at com.ibm.servlet.engine.webapp.ServletInstanceReference.dispatch(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.handleWebAppDispatch(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.dispatch(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.forward(Compiled Code)
        at com.ibm.servlet.engine.srt.WebAppInvoker.handleInvocationHook(Compiled Code)
        at com.ibm.servlet.engine.invocation.CachedInvocation.handleInvocation(Compiled Code)
        at com.ibm.servlet.engine.srp.ServletRequestProcessor.dispatchByURI(Compiled Code)
        at com.ibm.servlet.engine.oselistener.OSEListenerDispatcher.service(Compiled Code)
        at com.ibm.servlet.engine.oselistener.SQEventListenerImp$ServiceRunnable.run(Compiled Code)
        at com.ibm.servlet.engine.oselistener.SQEventListenerImp.notifySQEvent(Compiled Code)
        at com.ibm.servlet.engine.oselistener.serverqueue.SQEventSource.notifyEvent(Compiled Code)
        at com.ibm.servlet.engine.oselistener.serverqueue.SQWrapperEventSource$SelectRunnable.notifyService(Compiled Code)
        at com.ibm.servlet.engine.oselistener.serverqueue.SQWrapperEventSource$SelectRunnable.run(Compiled Code)
        at com.ibm.servlet.engine.oselistener.outofproc.OutOfProcThread$CtlRunnable.run(Compiled Code)
        at java.lang.Thread.run(Thread.java:479)

--------------------------------------------------------------------------------
Wrapped Error-3: Server caught unhandled exception from servlet [Srv***********]: Requested path : /ga/profile* is not deliverd by this application !

com.ibm.servlet.engine.webapp.WebAppErrorReport: Server caught unhandled exception from servlet [Srv***********]: Requested path : /ga/profile* is not deliverd by this application !
        at java.lang.Throwable.fillInStackTrace(Native Method)
        at java.lang.Throwable.fillInStackTrace(Compiled Code)
        at java.lang.Throwable.<init>(Compiled Code)
        at java.lang.Exception.<init>(Compiled Code)
        at javax.servlet.ServletException.<init>(Compiled Code)
        at com.ibm.websphere.servlet.error.ServletErrorReport.<init>(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebAppErrorReport.<init>(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebApp.sendError(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebAppDispatcherResponse.sendError(Compiled Code)
        at com.ibm.servlet.engine.webapp.SimpleFileServlet.doGet(Compiled Code)
        at javax.servlet.http.HttpServlet.service(Compiled Code)
        at javax.servlet.http.HttpServlet.service(Compiled Code)
        at com.ibm.servlet.engine.webapp.StrictServletInstance.doService(Compiled Code)
        at com.ibm.servlet.engine.webapp.StrictLifecycleServlet._service(Compiled Code)
        at com.ibm.servlet.engine.webapp.IdleServletState.service(Compiled Code)
        at com.ibm.servlet.engine.webapp.StrictLifecycleServlet.service(Compiled Code)
        at com.ibm.servlet.engine.webapp.ServletInstance.service(Compiled Code)
        at com.ibm.servlet.engine.webapp.ValidServletReferenceState.dispatch(Compiled Code)
        at com.ibm.servlet.engine.webapp.ServletInstanceReference.dispatch(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.handleWebAppDispatch(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.dispatch(Compiled Code)
        at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.forward(Compiled Code)
        at com.ibm.servlet.engine.srt.WebAppInvoker.handleInvocationHook(Compiled Code)
        at com.ibm.servlet.engine.invocation.CachedInvocation.handleInvocation(Compiled Code)
        at com.ibm.servlet.engine.srp.ServletRequestProcessor.dispatchByURI(Compiled Code)
        at com.ibm.servlet.engine.oselistener.OSEListenerDispatcher.service(Compiled Code)
        at com.ibm.servlet.engine.oselistener.SQEventListenerImp$ServiceRunnable.run(Compiled Code)
        at com.ibm.servlet.engine.oselistener.SQEventListenerImp.notifySQEvent(Compiled Code)
        at com.ibm.servlet.engine.oselistener.serverqueue.SQEventSource.notifyEvent(Compiled Code)
        at com.ibm.servlet.engine.oselistener.serverqueue.SQWrapperEventSource$SelectRunnable.notifyService(Compiled Code)
        at com.ibm.servlet.engine.oselistener.serverqueue.SQWrapperEventSource$SelectRunnable.run(Compiled Code)
        at com.ibm.servlet.engine.oselistener.outofproc.OutOfProcThread$CtlRunnable.run(Compiled Code)
        at java.lang.Thread.run(Thread.java:479)

<---------- Snip // ---------->
Received on Jul 05 2005

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]