Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Servers :: tomcat6.htm

Tomcat 4.0-b2 for winnt/2000 show source vulnerability



    Tomcat 4.0-b2 for winnt/2000


    'lovehacker'   found   following   (CHINANSL   Security   Advisory
    CSA-200110).  A security  vulnerability has been found  in Windows
    NT/2000  systems   that  have   Tomcat  4.0-b2   installed.    The
    vulnerability allows remote attackers to get ".jsp" source.



    Sverre  H.  Huseby   added  following.    Tomcat,  the   Reference
    Implementation for the Java  Servlet 2.2 and JavaServer  Pages 1.1
    Technologies, may be tricked into revealing the source code of JSP
    scripts by using simple URL encoding.  It seems that the built  in
    web server in affected versions of Tomcat does URL decoding twice.
    URLs like the following

    where %25 is an URL encoded  '%', and 70 is the hexadecimal  value
    for 'p', returns the source code of index.jsp rather than  running
    the script on the server side.

    To speculate (read: guess): The JSP handler is skipped as this URL
    does not end  in ".jsp" (after  URL decoding the  first time), but
    the static file handler is  nevertheless able to map the  URL into
    a correct file name (doing URL decoding a second time).

    This design error  makes it possible  to fetch the  source code of
    JSP scripts.  Such source code may contain database passwords  and
    file names, and may reveal design errors or programming bugs  that
    make it possible to further exploit the server or service.


    The Tomcat team  was notified on  2001-04-01, and they  provided a
    fix on 2001-04-03.   Everybody should upgrade  to at least  Tomcat
    4.0 beta 3.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH