Vulnerability
ServletExec
Affected
RESIN ServletExec
Description
'benjurry' found the following. Resin™ serves the fastest servlets
and JSP. With Java and JavaScript support, Resin gives web
applications the flexibility to choose the right language for the
task. Resin's leading XSL (XML stylesheet language) support
encourages separation of content from formatting. Resin provides
a fast servlet runner for Apache, allowing Apache to run servlets
and JSP files.
However, on Resin 1.2 (maybe Resin 1.1 also) with Apache on Win32
(Win2k Simplified Chinese version), ServletExec will return the
source code of JSP files when an HTTP request is appended with one
of the following character sequences:
".."
"%2e.."
"%81"
"%82"
........
"%fe"
For example, the following URL will display the source of the
specified JSP file:
http://benjurry/benjurry.jsp..
http://benjurry/benjurry.jsp%81
Successful exploitation could lead to the disclosure of sensitive
information contained within JSP pages.
David Cruz tested that on his development platform. It does not
work with Apache 1.3.9 and Resin 1.1.5, and it does not work with
Resin 1.2.0 either. All this on Solaris. Guess it's another Win2K
bug only.
Solution
Nothing yet.
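With no fix listed, requests of the kind described above can at least be spotted in web server access logs. The following is an added example, not part of the original advisory: it assumes Common Log Format with the raw (still percent-encoded) request line, and the log lines and client addresses are constructed.

```python
import re

# Trailing sequences the advisory lists after a .jsp name:
# "..", "%2e..", and the single escaped bytes "%81" through "%fe".
SUFFIX_RE = re.compile(
    r"\.jsp(?P<suffix>(?:%2e)?\.\.|%(?:8[1-9a-f]|[9a-e][0-9a-f]|f[0-9a-e]))$",
    re.IGNORECASE,
)

# Assumed layout: Common Log Format (host ident user [time] "request" status bytes).
CLF_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r"(?P<status>\d{3}) (?P<size>\S+)"
)

def jsp_suffix(target):
    """Return the listed suffix found on the path of a raw request target, or None."""
    path = target.split("?", 1)[0]  # the query string is not part of the file name
    m = SUFFIX_RE.search(path)
    return m.group("suffix").lower() if m else None

def find_suspect_requests(lines):
    """Return (host, target, suffix, status) for every log line that matches."""
    hits = []
    for line in lines:
        m = CLF_RE.match(line)
        if not m:
            continue  # not a CLF line; skip rather than guess
        suffix = jsp_suffix(m.group("target"))
        if suffix:
            hits.append((m.group("host"), m.group("target"), suffix, int(m.group("status"))))
    return hits

# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /benjurry.jsp HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2001:10:00:01 +0000] "GET /benjurry.jsp.. HTTP/1.0" 200 2048',
    '192.0.2.11 - - [01/Jan/2001:10:00:02 +0000] "GET /benjurry.jsp%81 HTTP/1.0" 200 2048',
    '192.0.2.12 - - [01/Jan/2001:10:00:03 +0000] "GET /benjurry.jsp%2e.. HTTP/1.0" 404 0',
    '192.0.2.13 - - [01/Jan/2001:10:00:04 +0000] "GET /index.jsp?x=%81 HTTP/1.0" 200 100',
    '192.0.2.14 - - [01/Jan/2001:10:00:05 +0000] "GET /a.jsp%FE?id=1 HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 is the case worth reviewing first, since a response body may have carried JSP source.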