Java Web Server CGI Program Source Code Disclosure Vulnerability

Vulnerability ID: 1105320
Vulnerability type: Unknown
Published: 1997-07-16
Updated: 1999-01-01
CVE ID: CVE-1999-0283
CNNVD-ID: CNNVD-199901-015
Platform: Windows
CVSS score: 10.0
|Vulnerability Sources
https://www.exploit-db.com/exploits/20375
https://www.securityfocus.com/bid/82094
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199901-015
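|Vulnerability Details
A vulnerability exists in Java Web Server. A remote attacker can exploit it to obtain the source code of CGI programs.
|Exploit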
source: http://www.securityfocus.com/bid/1891/info

A vulnerability exists in Sun Microsystems' JavaWebServer for Win32, version 1.1Beta. JavaWebServer is a Java-oriented web application development platform.

If a URL is submitted requesting a .jhtml file (an HTML document with embedded Java source) and a '.' or '/' character is appended to the filename, the source for that .jhtml file will be returned to the client, rather than being compiled on the server. As a result, system information which is not intended for disclosure to the client, such as database usernames and passwords, resource locations, website and network structure and business models, may be obtained by the attacker. As well as its inherent sensitivity, this type of information could potentially be used to implement other attacks on the host.

http://localhost/xyz.jhtml. 

or 

http://localhost/xyz.jhtml/
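
The following is an added example, not part of the original advisory or of Sun's code. It models the mismatch described above: a handler chosen from the literal URL suffix compared with one chosen after trailing '.' and '/' characters are stripped, and it uses the difference to flag access-log requests worth reviewing. The root cause (the file lookup ignoring the trailing character), the function names and the log lines are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

SERVER_SIDE_EXTS = {".jhtml"}  # must be compiled/executed, never sent as-is
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def literal_path(target):
    """Request path without the query string, percent-decoded once."""
    return unquote(target.split("?", 1)[0])

def naive_handler(target):
    """Flawed model: choose the handler from the literal suffix only."""
    ext = posixpath.splitext(literal_path(target))[1].lower()
    return "compile" if ext in SERVER_SIDE_EXTS else "static"

def hardened_handler(target):
    """Strip trailing '.' and '/' first (assumed to be ignored by the file
    lookup), then choose the handler from the canonical name."""
    canon = literal_path(target).rstrip("./")
    ext = posixpath.splitext(canon)[1].lower()
    return "compile" if ext in SERVER_SIDE_EXTS else "static"

def scan_log(lines):
    """Return request targets that the two models classify differently,
    i.e. requests that may have returned script source."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and naive_handler(m.group(1)) != hardened_handler(m.group(1)):
            hits.append(m.group(1))
    return hits

# Constructed sample access-log lines (not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Jul/1997:10:00:00 +0000] "GET /xyz.jhtml HTTP/1.0" 200 512',
    '192.0.2.11 - - [16/Jul/1997:10:00:05 +0000] "GET /xyz.jhtml. HTTP/1.0" 200 2048',
    '192.0.2.11 - - [16/Jul/1997:10:00:09 +0000] "GET /xyz.jhtml/ HTTP/1.0" 200 2048',
    '192.0.2.12 - - [16/Jul/1997:10:01:00 +0000] "GET /docs/ HTTP/1.0" 200 300',
    '192.0.2.12 - - [16/Jul/1997:10:01:02 +0000] "GET /index.html?x=1 HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for target in scan_log(SAMPLE_LOG):
        print("review:", target)
```

The same canonicalize-then-dispatch step belongs in front of any extension-based handler mapping, so that the name used to pick the handler is the name the file system will actually open.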
|Affected Products
Oracle Java Web Server 0
|References

Source: BUGTRAQ
Name: 19970716 Viewable .jhtml source with JavaWebServer
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=88256790401004&w=2
