IBM WebSphere Application Server Web Disclosure Vulnerability


Vulnerability ID: 1108666
Vulnerability type: Access validation error
Published: 2005-04-13
Updated: 2005-10-20
CVE ID: CVE-2005-1112
CNNVD-ID: CNNVD-200505-728
Platform: Multiple
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/25420
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-728
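|Vulnerability details
In IBM WebSphere Application Server 6.0 and earlier, when the web server's document root is shared, a remote attacker can send an HTTP request with an invalid Host header so that the web server, rather than the JSP engine, processes the page, and thereby obtain the source code of JavaServer Pages (.jsp).
|Exploit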
source: http://www.securityfocus.com/bid/13160/info

A remote JSP source disclosure vulnerability reportedly affects the IBM WebSphere Application Server. This issue is due to a failure of the application to properly handle various requests under certain circumstances.

It should be noted that this issue only arises when the Web server and application server root directories reside in the same location; this is not the default configuration.

An attacker may leverage this issue to disclose JSP source code, facilitating code theft as well as potential further attacks. 

GET /index.jsp HTTP/1.0
Host: NonExistentHost
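
A log-triage check for the request pattern above, added here as an example and not part of the advisory or of any IBM tooling. It assumes an access log in Apache/IHS combined style with the Host header appended via `%{Host}i`, and a hypothetical `KNOWN_HOSTS` set of configured virtual hosts; the log lines are constructed.

```python
import re

# Assumed access-log layout (not from the advisory): Apache/IHS combined-style
# line with the request's Host header appended via "%{Host}i".
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \S+ "(?P<host>[^"]*)"$'
)

# Hypothetical virtual hosts that the plug-in routes to the JSP engine.
KNOWN_HOSTS = {"www.example.com", "shop.example.com"}


def normalize_host(raw):
    """Lower-case the Host header, drop a :port suffix and a trailing dot."""
    return raw.strip().lower().split(":")[0].rstrip(".")


def suspicious_jsp_requests(lines, known_hosts=KNOWN_HOSTS):
    """Return (ip, host, path) for .jsp requests answered 200 under a Host
    header that matches no configured virtual host (including an absent one)."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["status"] != "200":
            continue
        # Ignore the query string and ;jsessionid-style path parameters.
        path = m["target"].split("?", 1)[0].split(";", 1)[0]
        if not path.lower().endswith(".jsp"):
            continue
        host = normalize_host(m["host"])
        if host in ("", "-") or host not in known_hosts:
            findings.append((m["ip"], m["host"], path))
    return findings


# Constructed sample log lines (illustrative only).
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Apr/2005:10:01:02 +0000] "GET /index.jsp HTTP/1.0" 200 5120 "NonExistentHost"',
    '203.0.113.9 - - [13/Apr/2005:10:01:05 +0000] "GET /index.jsp HTTP/1.1" 200 842 "WWW.Example.com:80"',
    '203.0.113.9 - - [13/Apr/2005:10:01:09 +0000] "GET /cart.jsp?id=3 HTTP/1.1" 200 910 "shop.example.com"',
    '198.51.100.7 - - [13/Apr/2005:10:02:11 +0000] "GET /login.JSP;jsessionid=ab HTTP/1.0" 200 2048 "-"',
    '198.51.100.7 - - [13/Apr/2005:10:02:40 +0000] "GET /logo.gif HTTP/1.0" 200 311 "NonExistentHost"',
    '198.51.100.7 - - [13/Apr/2005:10:03:00 +0000] "GET /admin.jsp HTTP/1.0" 404 0 "NonExistentHost"',
]

if __name__ == "__main__":
    for ip, host, path in suspicious_jsp_requests(SAMPLE_LOG):
        print(f"{ip} requested {path} with unrecognized Host {host!r}")
```

A hit is a triage signal rather than proof of disclosure: confirm by checking whether the response body for that request contained raw JSP source instead of rendered output.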
|References

Source: XF
Name: ibm-websphere-information-disclosure(20099)
Link: http://xforce.iss.net/xforce/xfdb/20099
Source: SECTRACK
Name: 1013697
Link: http://securitytracker.com/id?1013697
Source: SECUNIA
Name: 14962
Link: http://secunia.com/advisories/14962
Source: BUGTRAQ
Name: 20050413 IBM WebSphere Widespread configuration JSP disclosure
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=111342594129109&w=2
Source: BID
Name: 13160
Link: http://www.securityfocus.com/bid/13160
Source: OSVDB
Name: 15501
Link: http://www.osvdb.org/15501
