[NT] Resin view_source.jsp Arbitrary File Reading
From: support@securiteam.com Date: 06/17/02
From: support@securiteam.com To: list@securiteam.com Date: Mon, 17 Jun 2002 20:39:47 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Resin view_source.jsp Arbitrary File Reading
------------------------------------------------------------------------
SUMMARY
In a default installation of <http://www.caucho.com/> Resin server, the
examples folder will be installed as well. This folder contains a JSP
script that can be used to view arbitrary file contents with the
permissions of the web service.
DETAILS
Vulnerable systems:
* view_source.jsp from Resin 2.1.2 standalone on Windows 2000 Server
The sample script view_source.jsp tries to chroot to the folder where it
is located. If you look at the source code, it says:
"// Chroot to the current directory so no one can use this as a p
// security hold"
Attempts to use /../ to break out of the examples folder are also foiled
by the script. However, if you replace the /../ with \..\ you can access
any file on the drive that Resin has access to.
Corrective action:
Remove the examples folder from your website.
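Removing the folder is the right fix for a sample script, but the underlying defect is general: filtering the string "/../" does not canonicalise anything, and on Windows the runtime treats "\" as a separator too. The following Java snippet is an added illustration, not Resin's view_source.jsp; it contrasts that substring filter with a canonical-path containment check, and the examples folder under java.io.tmpdir is an assumed location used only so the program runs stand-alone.

```java
import java.io.File;
import java.io.IOException;

/**
 * Added example (not Resin's own code): a substring filter against "/../"
 * next to the containment check a file viewer should use instead.
 */
public class SafeSourceViewer {

    // Weak check: only the forward-slash traversal form is rejected, so a
    // request using "..\" passes even though Windows treats it as a parent step.
    static boolean naiveFilterAllows(String requested) {
        return requested.indexOf("/../") < 0 && !requested.startsWith("../");
    }

    // Hardened check: resolve the request against the base folder and let the
    // filesystem normalise every separator and ".." form, then compare the
    // canonical result with the canonical base directory.
    static boolean isInsideBase(File baseDir, String requested) throws IOException {
        String base = baseDir.getCanonicalPath();
        String target = new File(baseDir, requested).getCanonicalPath();
        return target.equals(base) || target.startsWith(base + File.separator);
    }

    public static void main(String[] args) throws IOException {
        // Assumed base folder standing in for Resin's examples directory.
        File examples = new File(System.getProperty("java.io.tmpdir"), "examples");
        examples.mkdirs();
        String[] requests = {
            "index.jsp",          // allowed by both checks
            "../../etc/passwd",   // rejected by both checks
            "..\\..\\boot.ini",   // passes the naive filter; on Windows the canonical
                                  // check rejects it, on Unix the backslashes are just
                                  // characters of a file name inside the base folder
        };
        for (String r : requests) {
            System.out.printf("%-20s naive=%-5b canonical=%b%n",
                r, naiveFilterAllows(r), isInsideBase(examples, r));
        }
    }
}
```

Compile and run with `javac SafeSourceViewer.java && java SafeSourceViewer`; the canonical check's verdict depends on the host filesystem, which is exactly why the decision must be made on the resolved path rather than on the request string.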
ADDITIONAL INFORMATION
The information has been provided by <mailto:pgrundl@kpmg.dk> Peter
Gründl.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.