Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1997_4

Bugtraq archives for 4th quarter (Oct-Dec) 1997: Viewable .jhtml source with JavaWebServer

Viewable .jhtml source with JavaWebServer

Brian Krahmer (brianKRAHMER.COM)
Wed, 16 Jul 1997 14:01:05 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alec Muffett: "Re: Buffer Overrun / DOS in /bin/passwd (at least Redhat Linux"
Previous message: Steve Bellovin: "Re: StackGuard: Automatic Protection From Stack-smashing Attacks"

It has been discovered by Min Chang that there is a security
vulnerability in the 1.1Beta version of JavaWebServer for win32.
Similar to the IIS viewable source bug, if you append a '.' (period) or
a '\' (backslash) to a .jhtml URL, the server will display the source.
.jhtml files are html files with embedded Java code that are supposed to
be compiled and returned to the client (sans the java code).  Because
these files can have things like jdbc queries or important server
filenames embedded in them, it is a security risk.

examples:
http://localhost/xyz.jhtml.
or
http://localhost/xyz.jhtml\

brian
--
  Brian Krahmer - briankrahmer.com - http://www.krahmer.com
           President, Network Guardians, Inc.
  Makers of NetGuard.  1.0 release coming after the new year!
               http://www.net-guards.com

Next message: Alec Muffett: "Re: Buffer Overrun / DOS in /bin/passwd (at least Redhat Linux"
Previous message: Steve Bellovin: "Re: StackGuard: Automatic Protection From Stack-smashing Attacks"