
ServletExec 3.0c Multiple Vulnerabilities



    Unify eWave ServletExec 3.0C


    The following is based on Foundstone Labs Security Advisory
    FS-103000-15-SRVX by Shreeraj Shah, Saumil Shah and Stuart McClure.
    Unify's eWave ServletExec is a JSP and Java Servlet engine that runs
    as a plug-in to popular web servers such as Apache, IIS and Netscape.

    It is possible to send a URL request that causes the ServletExec
    servlet engine to terminate abruptly.  The web server itself keeps
    running; only the servlet engine dies.

    It is possible to forcibly invoke any servlet by prefixing the path
    to the servlet with "/servlet/" in the URL.  A servlet named
    "ServletExec" is present among the server-side classes.

    Invoking the "ServletExec" servlet through this forced servlet
    invocation causes the servlet engine to re-initialize and attempt to
    bind a server thread to port 80.  If the web server is already
    listening on that port, the bind fails with an exception and the
    servlet engine terminates.

    For example, if ServletExec is running as a plug-in to a web server
    on port 80, an attacker can open a connection to port 80 and make
    the following GET request, which causes the servlet engine to
    terminate abruptly.

        nc 80
        GET /servlet/ServletExec HTTP/1.0

    Or simply request the same URL from a browser, to the same effect.

    ServletExec throws the bind exception and the servlet engine dies.
    The following gets recorded in the log file:

        Received an exception when starting ServletExec: Address in use: bind
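    The request above and the log line it leaves behind are the two
    artifacts a defender can hunt for.  The script below is an added
    example, not part of the Foundstone advisory or of ServletExec: it
    scans web-server access-log lines (Common Log Format) for forced
    "/servlet/" invocations, singles out requests for the "ServletExec"
    servlet, and separately counts "Address in use: bind" entries in the
    engine log.  The log lines are constructed for the example.  Matching
    the servlet name case-insensitively and after percent-decoding are
    assumptions made to err on the side of detection; the advisory does
    not say how ServletExec resolves the name.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_ACCESS_LOG = """\
10.0.0.5 - - [15/Oct/2000:12:00:01 -0700] "GET /index.html HTTP/1.0" 200 1043
10.0.0.5 - - [15/Oct/2000:12:00:02 -0700] "GET /servlet/HelloWorld HTTP/1.0" 200 312
10.0.0.9 - - [15/Oct/2000:12:00:03 -0700] "GET /servlet/ServletExec HTTP/1.0" 500 0
10.0.0.9 - - [15/Oct/2000:12:00:04 -0700] "GET /servlet/Servlet%45xec?x=1 HTTP/1.0" 500 0
10.0.0.5 - - [15/Oct/2000:12:00:05 -0700] "GET /examples/jsp/test.jsp HTTP/1.0" 200 88
"""

# Constructed sample engine-log lines; the bind message matches the advisory text.
SAMPLE_ENGINE_LOG = """\
ServletExec 3.0C initialized
Received an exception when starting ServletExec: Address in use: bind
"""

CLF_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Assumption: the engine resolves the name case-insensitively; match broadly.
TARGET_SERVLET = "servletexec"


def forced_servlet_name(target):
    """Return the servlet name if the request target is a forced invocation
    via the /servlet/ prefix, otherwise None.

    The query string is dropped, the path is percent-decoded (assumption:
    an attacker may encode the name to dodge naive string matching), and
    anything after the servlet name (extra path info) is ignored."""
    path = unquote(target.split("?", 1)[0])
    prefix = "/servlet/"
    if not path.startswith(prefix):
        return None
    name = path[len(prefix):].split("/", 1)[0]
    return name or None


def scan_access_log(lines):
    """Return (forced, killers): every forced /servlet/ invocation seen, and
    the subset that targets the ServletExec servlet from the advisory."""
    forced, killers = [], []
    for line in lines:
        m = CLF_RE.match(line)
        if not m:
            continue  # not CLF; skip rather than guess
        name = forced_servlet_name(m["target"])
        if name is None:
            continue
        rec = {"host": m["host"], "ts": m["ts"],
               "servlet": name, "status": int(m["status"])}
        forced.append(rec)
        if name.lower() == TARGET_SERVLET:
            killers.append(rec)
    return forced, killers


def engine_restart_failures(lines):
    """Return engine-log lines recording the failed re-initialization bind."""
    return [l for l in lines
            if "Received an exception when starting ServletExec" in l
            and "Address in use" in l]


if __name__ == "__main__":
    forced, killers = scan_access_log(SAMPLE_ACCESS_LOG.splitlines())
    for rec in forced:
        flag = "DoS" if rec in killers else "forced"
        print(f"{flag:6} {rec['host']} {rec['ts']} /servlet/{rec['servlet']} {rec['status']}")
    for line in engine_restart_failures(SAMPLE_ENGINE_LOG.splitlines()):
        print("engine:", line)
```

    A hit in the engine log without a matching access-log entry usually
    means the request never reached the web server's log (a non-logging
    front end, or the engine restarted for another reason), so treat the
    two sources as corroborating rather than interchangeable.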


    Upgrade to ServletExec version 3.0E, available at:
