Tomcat 3.2.1/4.0 / Weblogic Server 5.1 – URL JSP Request Source Code Disclosure


Vulnerability ID 1053526 Vulnerability type
Published 2001-03-28 Updated 2001-03-28
CVE ID N/A
CNNVD-ID N/A
Platform Multiple CVSS score N/A
|Vulnerability source
https://www.exploit-db.com/exploits/20719
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
source: http://www.securityfocus.com/bid/2527/info


BEA Systems WebLogic Server is an enterprise-level web and wireless application server.

Tomcat can be used together with the Apache web server or as a standalone server for Java Servlets and JavaServer Pages. Tomcat ships with a built-in web server.

The built-in web servers of Tomcat and WebLogic will return the source code of JSP files when an HTTP request contains URL-encoded replacements for characters in the filename.

If successfully exploited, this vulnerability could lead to the disclosure of sensitive information contained within JSP pages. This information may assist in further attacks against the host.

WebLogic:

http://www.example.com/index.js%70

Tomcat:

http://www.example.com/examples/jsp/num/numguess.js%70

The following variant URL for Tomcat has been provided by lovehacker <[email protected]>:

http://www.example.com/examples/snp/snoop%252ejsp
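
For reviewing access logs from affected servers, the following added example (not part of the original advisory) flags requests whose file extension only becomes `.jsp` after percent-decoding, including the double-encoded variant. The log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Extensions the container should execute, never serve as raw text (assumption).
HANDLED_EXTENSIONS = {".jsp"}
MAX_DECODE_PASSES = 3  # enough to unwrap double encoding such as %252e
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(path: str) -> str:
    """Percent-decode repeatedly until the path stops changing."""
    for _ in range(MAX_DECODE_PASSES):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def extension(path: str) -> str:
    """Lower-cased extension of the last path segment, '' if there is none."""
    name = path.rsplit("/", 1)[-1]
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""


def is_encoded_extension_request(raw_target: str) -> bool:
    """True when the decoded path ends in a handled extension but the raw path does not."""
    raw_path = raw_target.split("?", 1)[0]
    decoded_ext = extension(fully_decode(raw_path))
    return decoded_ext in HANDLED_EXTENSIONS and extension(raw_path) != decoded_ext


def flag_log_lines(lines):
    """Return the request targets from access-log lines that match the pattern."""
    hits = []
    for line in lines:
        if (m := REQUEST_RE.search(line)) and is_encoded_extension_request(m.group(1)):
            hits.append(m.group(1))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Mar/2001:10:00:00 +0000] "GET /index.jsp HTTP/1.0" 200 512',
    '192.0.2.11 - - [28/Mar/2001:10:00:05 +0000] "GET /index.js%70 HTTP/1.0" 200 2048',
    '192.0.2.11 - - [28/Mar/2001:10:00:09 +0000] "GET /examples/snp/snoop%252ejsp HTTP/1.0" 200 3071',
    '192.0.2.12 - - [28/Mar/2001:10:00:12 +0000] "GET /img/logo%20small.png HTTP/1.0" 200 900',
]
```

Calling `flag_log_lines(SAMPLE_LOG)` returns the two encoded-extension targets and skips the ordinary `.jsp` and `.png` requests.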
