|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: RESIN ServletExec JSP Source Disclosure Vulnerability(IIS 5)
From: benjurry (benjurry
YEAH.NET)Date: Wed Nov 22 2000 - 23:10:11 CST
- Next message: secureCONECTIVA.COM.BR: "[CLSA-2000:344] Conectiva Linux Security Announcement - netscape"
- Previous message: benjurry: "RESIN ServletExec JSP Source Disclosure Vulnerability(Resin Web Server)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Resintm serves the fastest servlets and JSP. With Java and JavaScript support, Resin gives web applications the flexibility to choose the right language for the task. Resin's leading XSL (XML stylesheet language) support encourages separation of content from formatting.
Resin provides a fast servlet runner for IIS and PWS, allowing IIS to run servlets and JSP files.
But On Resin1.2(maybe Resin1.1 also)(Win2k Simplify Chinese version),ServletExec will return the source code of JSP files when you chage the url to encode ASCII(That is to say,"%2e" instead of ".").
For example, the following URL will display the source of the specified JSP file:
http://benjurry/benjurry%2ejsp
Successful exploitation could lead to the disclosure of sensitive information contained within JSP pages.
Solution:
I have reported this bug to the vendor,but they do nothing about it.
Benjurry
benjurry263.net
2000.11.22
Share what I konw,Learn what I don't
- Next message: secureCONECTIVA.COM.BR: "[CLSA-2000:344] Conectiva Linux Security Announcement - netscape"
- Previous message: benjurry: "RESIN ServletExec JSP Source Disclosure Vulnerability(Resin Web Server)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]