[20012] in bugtraq
CHINANSL Security Advisory(CSA-200111)
daemon@ATHENA.MIT.EDU (lovehacker)
Tue Apr 3 18:56:20 2001
Message-ID: <20010403104108.23862.qmail@securityfocus.com>
Date: Tue, 3 Apr 2001 10:41:08 -0000
Reply-To: lovehacker@263.NET
From: lovehacker <lovehacker@263.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
Topic: Resin 1.2.* & 1.3b1 JavaBean file disclosure vulnerability
vulnerable:
=============
Windows NT/2000 (maybe other operating systems also)
+Resin 1.2.*
+Resin 1.3b1
discussion:
===========
A security vulnerability has been found in Windows
NT/2000 systems that have Resin 1.2.* or Resin
1.3b1 installed. The vulnerability allows remote
attackers to view JavaBean files in the forbidden
WEB-INF directory.
For example, a request for:
http://Resin1.*:8080/WEB-INF/classes/Env.java
returns: 403 Forbidden. But if ".jsp" is inserted
before "/WEB-INF/", the Resin server sends back
the content of Env.java.
Exploits:
==========
http://Resin1.*:8080/.jsp/WEB-INF/classes/Env.java
It is possible to cause the Resin server to send back
the content of Env.java. Remote attackers can view
any known JavaBean file.
solution:
=========
I cannot get any file outside the app-dir. Maybe you
can modify resin.conf.
DISCLAIMS:
========
THE INFORMATION PROVIDED IS RELEASED BY
CHINANSL "AS IS" WITHOUT WARRANTY OF
ANY KIND. CHINANSL DISCLAIMS ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED,
EXCEPT FOR THE WARRANTIES OF
MERCHANTABILITY. IN NO EVENT SHALL
CHINANSL BE LIABLE FOR ANY DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF
BUSINESS PROFITS OR SPECIAL DAMAGES,
EVEN IF CHINANSL HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. DISTRIBUTION
OR REPRODUCTION OF THE INFORMATION IS
PROVIDED THAT THE ADVISORY IS NOT
MODIFIED IN ANY WAY.
Copyright 2000-2001 CHINANSL. All Rights
Reserved. Terms of use.
CHINANSL Security Team
lovehacker@chinansl.com
CHINANSL INFORMATION TECHNOLOGY CO.,LTD
(http://www.chinansl.com)
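
The following log check is an added example, not part of the CHINANSL advisory or of Resin: it flags access-log requests whose path contains WEB-INF as any segment (not only the first, which is the case the 403 covers) and reports whether the server answered with a 2xx status. The Common Log Format layout, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in Common Log Format (not taken from the advisory).
SAMPLE_LOG = """\
192.0.2.10 - - [03/Apr/2001:10:41:08 +0000] "GET /WEB-INF/classes/Env.java HTTP/1.0" 403 210
192.0.2.10 - - [03/Apr/2001:10:41:12 +0000] "GET /.jsp/WEB-INF/classes/Env.java HTTP/1.0" 200 1834
192.0.2.11 - - [03/Apr/2001:10:42:30 +0000] "GET /%2Ejsp/WEB%2dINF/classes/Env.java HTTP/1.0" 403 210
192.0.2.12 - - [03/Apr/2001:10:43:02 +0000] "GET /index.jsp?page=WEB-INF HTTP/1.0" 200 5120
"""

# client, identd, user, [timestamp], "METHOD target PROTOCOL", status
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def classify(line):
    """Return (client, kind, verdict, target) for a WEB-INF request, else None."""
    m = LINE.match(line)
    if not m:
        return None
    client, target, status = m.group(1), m.group(3), int(m.group(4))
    # Inspect the path only (not the query string). Percent-decode and
    # lower-case it first: file names on Windows NT/2000 are case-insensitive.
    path = unquote(urlsplit(target).path).lower()
    segments = [s for s in path.split("/") if s]
    if "web-inf" not in segments:
        return None
    # "direct" is the request the server already refuses; "prefixed" is the
    # advisory's pattern, where another segment precedes WEB-INF.
    kind = "direct" if segments[0] == "web-inf" else "prefixed"
    verdict = "DISCLOSED" if 200 <= status < 300 else "blocked"
    return (client, kind, verdict, target)


def scan(log_text):
    """Classify every line and keep only the WEB-INF hits."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for client, kind, verdict, target in scan(SAMPLE_LOG):
        print(f"{verdict:9} {kind:8} {client:12} {target}")
```

A "prefixed" hit with a DISCLOSED verdict means file content under WEB-INF was served and the affected sources should be treated as exposed.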