Java网络服务器获得CGI程序的源码漏洞

31次阅读
没有评论

Java网络服务器获得CGI程序的源码漏洞

漏洞ID 1105320 漏洞类型 未知
发布时间 1997-07-16 更新时间 1999-01-01
Java网络服务器获得CGI程序的源码漏洞CVE编号 CVE-1999-0283
Java网络服务器获得CGI程序的源码漏洞CNNVD-ID CNNVD-199901-015
漏洞平台 Windows CVSS评分 10.0
|漏洞来源
https://www.exploit-db.com/exploits/20375
https://www.securityfocus.com/bid/82094
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199901-015
|漏洞详情
Java网络服务器中存在漏洞。远程攻击者利用该漏洞获得CGI程序的源码。
|漏洞EXP
source: http://www.securityfocus.com/bid/1891/info

A vulnerability exists in Sun Microsystems' JavaWebServer for Win32, version 1.1Beta. JavaWebServer is a Java-oriented web application development platform.

If a URL is submitted requesting a .jhtml file (an HTML document with embedded Java source) and a '.' or '/' character is appended to the filename, the source for that .jhtml file will be returned to the client, rather than being compiled on the server. As a result, system information which is not intended for disclosure to the client, such as database usernames and passwords, resource locations, website and network structure and business models, may be obtained by the attacker. As well as its inherent sensitivity, this type of information could potentially be used to implement other attacks on the host.

http://localhost/xyz.jhtml. 

or 

http://localhost/xyz.jhtml
|受影响的产品
Oracle Java Web Server 0
|参考资料

来源:BUGTRAQ
名称:19970716Viewable.jhtmlsourcewithJavaWebServer
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=88256790401004&w=2

相关推荐: NT LSA Secrets Vulnerability

NT LSA Secrets Vulnerability 漏洞ID 1105054 漏洞类型 Design Error 发布时间 1997-07-16 更新时间 1997-07-16 CVE编号 N/A CNNVD-ID N/A 漏洞平台 N/A CVSS评分…

正文完
 0