WebApp Sec: RE: Errors displayed on a web server

From: Miller, Joe <joe.miller_at_us.mizuho-sc.com>
Date: Tue, 5 Jul 2005 13:55:49 -0400

A custom servlet is registered within the web.xml file to handle URLs that match the pattern that you are generating. It appears that the code that handles this request does not understand the pattern passed in, therefore throwing a Java exception within the doPost() and/or doGet() code of the servlet.

It looks like the developer must add a try/except statement around the servlet code to catch URL patterns that are not of interest to the application and redirect the exception to an appropriate page.

Hope this helps.

-----Original Message-----
From: Daniel [mailto:deeper_at_gmail.com]
Sent: Tuesday, July 05, 2005 11:33 AM
To: Bénoni MARTIN
Cc: webappsec_at_securityfocus.com
Subject: Re: Errors displayed on a web server

Well, it's WebSphere for sure, and whatever you were doing with the
URLs made it throw a hissy fit.

Was this just for nonexistent URLs or were you doing some fuzzing as well?

On 7/5/05, Bénoni MARTIN <Benoni.MARTIN_at_libertis.ga> wrote:
> Hi list,
>
> I am currently performing a pen-test on a company's web server, and I found the following error display when testing some randomly generated URLs. It seems to be some Java code, but as I do not know this language, can anyone skilled in that tell me if this stuff can be useful for further attacks or not (the real company name has been hidden behind ****)?
>
>
>
>
>
>
> <---------- // Snip ---------->
>
>
>
> A recursive error was detected.
> The server cannot use specified error page. Please check the application error-path.
>
>
> Original Error:
> Error Message: File not found: //profile*
> Error Code: 404
> Target Servlet: File Serving Enabler
> Error Stack:
>
> --------------------------------------------------------------------------------
> Root Error-1: File not found: //profile*
>
> com.ibm.servlet.engine.webapp.WebAppErrorReport: File not found: //profile*
> at java.lang.Throwable.fillInStackTrace(Native Method)
> at java.lang.Throwable.fillInStackTrace(Compiled Code)
> at java.lang.Throwable.<init>(Compiled Code)
> at java.lang.Exception.<init>(Compiled Code)
> at javax.servlet.ServletException.<init>(Compiled Code)
> at com.ibm.websphere.servlet.error.ServletErrorReport.<init>(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebAppErrorReport.<init>(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebAppDispatcherResponse.sendError(Compiled Code)
> at com.ibm.servlet.engine.webapp.SimpleFileServlet.doGet(Compiled Code)
> at javax.servlet.http.HttpServlet.service(Compiled Code)
> at javax.servlet.http.HttpServlet.service(Compiled Code)
> at com.ibm.servlet.engine.webapp.StrictServletInstance.doService(Compiled Code)
> at com.ibm.servlet.engine.webapp.StrictLifecycleServlet._service(Compiled Code)
> at com.ibm.servlet.engine.webapp.IdleServletState.service(Compiled Code)
> at com.ibm.servlet.engine.webapp.StrictLifecycleServlet.service(Compiled Code)
> at com.ibm.servlet.engine.webapp.ServletInstance.service(Compiled Code)
> at com.ibm.servlet.engine.webapp.ValidServletReferenceState.dispatch(Compiled Code)
> at com.ibm.servlet.engine.webapp.ServletInstanceReference.dispatch(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.handleWebAppDispatch(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.dispatch(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.forward(Compiled Code)
> at com.ibm.servlet.engine.srt.WebAppInvoker.handleInvocationHook(Compiled Code)
> at com.ibm.servlet.engine.invocation.CachedInvocation.handleInvocation(Compiled Code)
> at com.ibm.servlet.engine.srp.ServletRequestProcessor.dispatchByURI(Compiled Code)
> at com.ibm.servlet.engine.oselistener.OSEListenerDispatcher.service(Compiled Code)
> at com.ibm.servlet.engine.oselistener.SQEventListenerImp$ServiceRunnable.run(Compiled Code)
> at com.ibm.servlet.engine.oselistener.SQEventListenerImp.notifySQEvent(Compiled Code)
> at com.ibm.servlet.engine.oselistener.serverqueue.SQEventSource.notifyEvent(Compiled Code)
> at com.ibm.servlet.engine.oselistener.serverqueue.SQWrapperEventSource$SelectRunnable.notifyService(Compiled Code)
> at com.ibm.servlet.engine.oselistener.serverqueue.SQWrapperEventSource$SelectRunnable.run(Compiled Code)
> at com.ibm.servlet.engine.oselistener.outofproc.OutOfProcThread$CtlRunnable.run(Compiled Code)
> at java.lang.Thread.run(Thread.java:479)
>
>
>
>
>
> Recursive Error:
> Error Message: Server caught unhandled exception from servlet [Srv***********]: Requested path : /ga/profile* is not deliverd by this application !
> Error Code: 0
> Target Servlet: null
> Error Stack:
>
> --------------------------------------------------------------------------------
> Root Error-1: Requested path : /ga/profile* is not deliverd by this application !
>
> javax.servlet.ServletException: Requested path : /ga/profile* is not deliverd by this application !
> at java.lang.Throwable.fillInStackTrace(Native Method)
> at java.lang.Throwable.fillInStackTrace(Compiled Code)
> at java.lang.Throwable.<init>(Compiled Code)
> at java.lang.Exception.<init>(Compiled Code)
> at javax.servlet.ServletException.<init>(Compiled Code)
> at com.***********.fo.engine.Srv***********.doPost(Compiled Code)
> at com.***********.fo.engine.Srv***********.doGet(Compiled Code)
> at javax.servlet.http.HttpServlet.service(Compiled Code)
> at javax.servlet.http.HttpServlet.service(Compiled Code)
> at com.ibm.servlet.engine.webapp.StrictServletInstance.doService(Compiled Code)
> at com.ibm.servlet.engine.webapp.StrictLifecycleServlet._service(Compiled Code)
> at com.ibm.servlet.engine.webapp.IdleServletState.service(Compiled Code)
> at com.ibm.servlet.engine.webapp.StrictLifecycleServlet.service(Compiled Code)
> at com.ibm.servlet.engine.webapp.ServletInstance.service(Compiled Code)
> at com.ibm.servlet.engine.webapp.ValidServletReferenceState.dispatch(Compiled Code)
> at com.ibm.servlet.engine.webapp.ServletInstanceReference.dispatch(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.handleWebAppDispatch(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.dispatch(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.include(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebApp.sendError(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebAppDispatcherResponse.sendError(Compiled Code)
> at com.ibm.servlet.engine.webapp.SimpleFileServlet.doGet(Compiled Code)
> at javax.servlet.http.HttpServlet.service(Compiled Code)
> at javax.servlet.http.HttpServlet.service(Compiled Code)
> at com.ibm.servlet.engine.webapp.StrictServletInstance.doService(Compiled Code)
> at com.ibm.servlet.engine.webapp.StrictLifecycleServlet._service(Compiled Code)
> at com.ibm.servlet.engine.webapp.IdleServletState.service(Compiled Code)
> at com.ibm.servlet.engine.webapp.StrictLifecycleServlet.service(Compiled Code)
> at com.ibm.servlet.engine.webapp.ServletInstance.service(Compiled Code)
> at com.ibm.servlet.engine.webapp.ValidServletReferenceState.dispatch(Compiled Code)
> at com.ibm.servlet.engine.webapp.ServletInstanceReference.dispatch(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.handleWebAppDispatch(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.dispatch(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.forward(Compiled Code)
> at com.ibm.servlet.engine.srt.WebAppInvoker.handleInvocationHook(Compiled Code)
> at com.ibm.servlet.engine.invocation.CachedInvocation.handleInvocation(Compiled Code)
> at com.ibm.servlet.engine.srp.ServletRequestProcessor.dispatchByURI(Compiled Code)
> at com.ibm.servlet.engine.oselistener.OSEListenerDispatcher.service(Compiled Code)
> at com.ibm.servlet.engine.oselistener.SQEventListenerImp$ServiceRunnable.run(Compiled Code)
> at com.ibm.servlet.engine.oselistener.SQEventListenerImp.notifySQEvent(Compiled Code)
> at com.ibm.servlet.engine.oselistener.serverqueue.SQEventSource.notifyEvent(Compiled Code)
> at com.ibm.servlet.engine.oselistener.serverqueue.SQWrapperEventSource$SelectRunnable.notifyService(Compiled Code)
> at com.ibm.servlet.engine.oselistener.serverqueue.SQWrapperEventSource$SelectRunnable.run(Compiled Code)
> at com.ibm.servlet.engine.oselistener.outofproc.OutOfProcThread$CtlRunnable.run(Compiled Code)
> at java.lang.Thread.run(Thread.java:479)
>
>
>
> --------------------------------------------------------------------------------
> Wrapped Error-2: Server caught unhandled exception from servlet [Srv***********]: Requested path : /ga/profile* is not deliverd by this application !
>
> com.ibm.servlet.engine.webapp.UncaughtServletException: Server caught unhandled exception from servlet [Srv***********]: Requested path : /ga/profile* is not deliverd by this application !
> at java.lang.Throwable.fillInStackTrace(Native Method)
> at java.lang.Throwable.fillInStackTrace(Compiled Code)
> at java.lang.Throwable.<init>(Compiled Code)
> at java.lang.Exception.<init>(Compiled Code)
> at javax.servlet.ServletException.<init>(Compiled Code)
> at com.ibm.websphere.servlet.error.ServletErrorReport.<init>(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebAppErrorReport.<init>(Compiled Code)
> at com.ibm.servlet.engine.webapp.UncaughtServletException.<init>(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.handleWebAppDispatch(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.dispatch(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.include(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebApp.sendError(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebAppDispatcherResponse.sendError(Compiled Code)
> at com.ibm.servlet.engine.webapp.SimpleFileServlet.doGet(Compiled Code)
> at javax.servlet.http.HttpServlet.service(Compiled Code)
> at javax.servlet.http.HttpServlet.service(Compiled Code)
> at com.ibm.servlet.engine.webapp.StrictServletInstance.doService(Compiled Code)
> at com.ibm.servlet.engine.webapp.StrictLifecycleServlet._service(Compiled Code)
> at com.ibm.servlet.engine.webapp.IdleServletState.service(Compiled Code)
> at com.ibm.servlet.engine.webapp.StrictLifecycleServlet.service(Compiled Code)
> at com.ibm.servlet.engine.webapp.ServletInstance.service(Compiled Code)
> at com.ibm.servlet.engine.webapp.ValidServletReferenceState.dispatch(Compiled Code)
> at com.ibm.servlet.engine.webapp.ServletInstanceReference.dispatch(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.handleWebAppDispatch(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.dispatch(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.forward(Compiled Code)
> at com.ibm.servlet.engine.srt.WebAppInvoker.handleInvocationHook(Compiled Code)
> at com.ibm.servlet.engine.invocation.CachedInvocation.handleInvocation(Compiled Code)
> at com.ibm.servlet.engine.srp.ServletRequestProcessor.dispatchByURI(Compiled Code)
> at com.ibm.servlet.engine.oselistener.OSEListenerDispatcher.service(Compiled Code)
> at com.ibm.servlet.engine.oselistener.SQEventListenerImp$ServiceRunnable.run(Compiled Code)
> at com.ibm.servlet.engine.oselistener.SQEventListenerImp.notifySQEvent(Compiled Code)
> at com.ibm.servlet.engine.oselistener.serverqueue.SQEventSource.notifyEvent(Compiled Code)
> at com.ibm.servlet.engine.oselistener.serverqueue.SQWrapperEventSource$SelectRunnable.notifyService(Compiled Code)
> at com.ibm.servlet.engine.oselistener.serverqueue.SQWrapperEventSource$SelectRunnable.run(Compiled Code)
> at com.ibm.servlet.engine.oselistener.outofproc.OutOfProcThread$CtlRunnable.run(Compiled Code)
> at java.lang.Thread.run(Thread.java:479)
>
>
>
> --------------------------------------------------------------------------------
> Wrapped Error-3: Server caught unhandled exception from servlet [Srv***********]: Requested path : /ga/profile* is not deliverd by this application !
>
> com.ibm.servlet.engine.webapp.WebAppErrorReport: Server caught unhandled exception from servlet [Srv***********]: Requested path : /ga/profile* is not deliverd by this application !
> at java.lang.Throwable.fillInStackTrace(Native Method)
> at java.lang.Throwable.fillInStackTrace(Compiled Code)
> at java.lang.Throwable.<init>(Compiled Code)
> at java.lang.Exception.<init>(Compiled Code)
> at javax.servlet.ServletException.<init>(Compiled Code)
> at com.ibm.websphere.servlet.error.ServletErrorReport.<init>(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebAppErrorReport.<init>(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebApp.sendError(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebAppDispatcherResponse.sendError(Compiled Code)
> at com.ibm.servlet.engine.webapp.SimpleFileServlet.doGet(Compiled Code)
> at javax.servlet.http.HttpServlet.service(Compiled Code)
> at javax.servlet.http.HttpServlet.service(Compiled Code)
> at com.ibm.servlet.engine.webapp.StrictServletInstance.doService(Compiled Code)
> at com.ibm.servlet.engine.webapp.StrictLifecycleServlet._service(Compiled Code)
> at com.ibm.servlet.engine.webapp.IdleServletState.service(Compiled Code)
> at com.ibm.servlet.engine.webapp.StrictLifecycleServlet.service(Compiled Code)
> at com.ibm.servlet.engine.webapp.ServletInstance.service(Compiled Code)
> at com.ibm.servlet.engine.webapp.ValidServletReferenceState.dispatch(Compiled Code)
> at com.ibm.servlet.engine.webapp.ServletInstanceReference.dispatch(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.handleWebAppDispatch(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.dispatch(Compiled Code)
> at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.forward(Compiled Code)
> at com.ibm.servlet.engine.srt.WebAppInvoker.handleInvocationHook(Compiled Code)
> at com.ibm.servlet.engine.invocation.CachedInvocation.handleInvocation(Compiled Code)
> at com.ibm.servlet.engine.srp.ServletRequestProcessor.dispatchByURI(Compiled Code)
> at com.ibm.servlet.engine.oselistener.OSEListenerDispatcher.service(Compiled Code)
> at com.ibm.servlet.engine.oselistener.SQEventListenerImp$ServiceRunnable.run(Compiled Code)
> at com.ibm.servlet.engine.oselistener.SQEventListenerImp.notifySQEvent(Compiled Code)
> at com.ibm.servlet.engine.oselistener.serverqueue.SQEventSource.notifyEvent(Compiled Code)
> at com.ibm.servlet.engine.oselistener.serverqueue.SQWrapperEventSource$SelectRunnable.notifyService(Compiled Code)
> at com.ibm.servlet.engine.oselistener.serverqueue.SQWrapperEventSource$SelectRunnable.run(Compiled Code)
> at com.ibm.servlet.engine.oselistener.outofproc.OutOfProcThread$CtlRunnable.run(Compiled Code)
> at java.lang.Thread.run(Thread.java:479)
>
>
>
>
> <---------- Snip // ---------->
>
Received on Jul 05 2005
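
The fix suggested in the reply above, sketched as an added example (not code from the thread or from the application under test): a servlet that answers unrecognized paths with a plain 404 and keeps exception detail in the server log instead of the response. The class name, route list and dispatch() body are hypothetical, and the javax.servlet API is assumed to be on the classpath.

```java
import java.io.IOException;
import java.util.Set;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: class name, routes and dispatch() body are assumptions.
public class FrontControllerServlet extends HttpServlet {
    private static final Logger LOG = Logger.getLogger(FrontControllerServlet.class.getName());
    // Allow-list of paths this application serves (constructed sample values).
    private static final Set<String> ROUTES = Set.of("/profile", "/account");

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        handle(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        handle(req, resp);
    }

    private void handle(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String path = req.getPathInfo(); // assumes a prefix mapping such as /ga/* in web.xml
        if (path == null || !ROUTES.contains(path)) {
            // Unknown pattern: answer 404 without throwing and without echoing the path.
            respond(resp, HttpServletResponse.SC_NOT_FOUND, "Not found");
            return;
        }
        try {
            dispatch(path, resp);
        } catch (Exception e) {
            // The stack trace stays in the server log; the client only gets a reference id.
            String ref = UUID.randomUUID().toString();
            LOG.log(Level.SEVERE, "request failed ref=" + ref, e);
            if (!resp.isCommitted()) {
                resp.reset();
                respond(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal error, ref " + ref);
            }
        }
    }

    private void dispatch(String path, HttpServletResponse resp) throws Exception {
        respond(resp, HttpServletResponse.SC_OK, "served " + path); // placeholder application logic
    }

    private static void respond(HttpServletResponse resp, int status, String msg) throws IOException {
        resp.setStatus(status);
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println(msg);
    }
}
```

Any error page configured for the web application should be a static resource that is not itself routed through this servlet, so that serving the error page cannot raise a second exception.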
