当前位置: 首页 > 图文教程 > 网络编程 > JSP > apache tomcat的snoop servlet漏洞

JSP
jsp计数器制作
用jsp编写文件上载
基于JSP的动态网站开发技术
JSP由浅入深(3)—— 通过表达式增加动态内容
JSP由浅入深(5)—— Scriptlets和HTML的混合
JSP由浅入深(1)—— 熟悉JSP服务器
JSP由浅入深(12)—— 表单编辑
JSP由浅入深(11)—— 标记库
JSP由浅入深(10)—— Beans and Forms处理
JSP由浅入深(9)—— JSP Sessions
JSP由浅入深(8)—— JSP Tags
JSP由浅入深(6)—— JSP声明
JSP由浅入深(4)—— Scriptlets
JSP由浅入深(2)—— 第一个JSP
JSP由浅入深(7)—— JSP Directives
JSP中的字符替换函数 str_replace() 实现!
把一张图片变形扭曲成各种不同的长宽
用JSP编写通用信息发布程序
Java Servlet及Cookie的使用
Apache+Servlet+Jsp环境设置(上)

JSP 中的 apache tomcat的snoop servlet漏洞


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-11-02   浏览: 70 ::
收藏到网摘: n/a

bugtraq id 1500
class Access Validation Error
cve GENERIC-MAP-NOMATCH
remote Yes
local Yes
published July 24, 2000
updated July 24, 2000
vulnerable IBM Websphere Application Server 3.0.21
- Sun Solaris 8.0
- Microsoft Windows NT 4.0
- Linux kernel 2.3.x
- IBM AIX 4.3
IBM Websphere Application Server 3.0
- Sun Solaris 8.0
- Novell Netware 5.0
- Microsoft Windows NT 4.0
- Linux kernel 2.3.x
- IBM AIX 4.3
IBM Websphere Application Server 2.0
- Sun Solaris 8.0
- Novell Netware 5.0
- Microsoft Windows NT 4.0
- Linux kernel 2.3.x
- IBM AIX 4.3

Certain versions of the IBM WebSphere application server ship with a vulnerability which allows malicious users to view the source of any document which resides in the web document root directory.

This is possible via a flaw which allows a default servlet (different servlets are used to parse different types of content, JHTML, HTMl, JSP, etc.) This default servlet will display the document/page without parsing/compiling it hence allowing the code to be viewed by the end user.

The Foundstone, Inc. advisory which covered this problem detailed the following method of verifying the vulnerability - full text of this advisory is available in the 'Credit' section of this entry:

"It is easy to verify this vulnerability for a given system. Prefixing the path to web pages with "/servlet/file/" in the URL causes the file to be displayed without being
parsed or compiled. For example if the URL for a file "login.jsp" is:

http://site.running.websphere/login.jsp

then accessing

http://site.running.websphere/servlet/file/login.jsp

would cause the unparsed contents of the file to show up in the web browser."