[19162] in bugtraq
Patch for Potential Vulnerability in the execution of JSPs
daemon@ATHENA.MIT.EDU (Oracle Security Alerts)
Mon Feb 12 21:38:05 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <3A885EDF.3506B88@oracle.com>
Date: Mon, 12 Feb 2001 14:08:31 -0800
Reply-To: Oracle Security Alerts <secalert_us@ORACLE.COM>
From: Oracle Security Alerts <secalert_us@ORACLE.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Patch for Potential Vulnerability in the execution of JSPs outside
doc_root
Description of the problem
A potential security vulnerability has been discovered in Oracle JSP
releases 1.0.x through 1.1.1 (in Apache/Jserv). This vulnerability
permits access to and execution of unintended JSP files outside the
doc_root in Apache/Jserv. For example, accessing
http://HOST/a.jsp//..//..//..//..//..//../b.jsp will execute b.jsp
outside the doc_root instead of a.jsp if there is a b.jsp file in the
matching directory.
Products Affected
Oracle8i Release 8.1.7, iAS Release 1.0.2
Oracle JSP, Apache/JServ Releases 1.0.x - 1.1.1
Platforms Affected
Windows NT
Likelihood of Occurrence
Whenever //.. is present in the URI while using Apache/JServ.
Solution
Upgrade to OJSP Release 1.1.2.0.0 which is available on Oracle
Technology Network's OJSP web site.
Credits
Oracle Corporation wishes to thank Georgi Guninski for discovering this
vulnerability and promptly bringing it to Oracle's attention.
