[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : RESIN ServletExec JSP Source Disclosure Vulnerability

Title: RESIN ServletExec JSP Source Disclosure Vulnerability
Released by: benjurry
Date: 23rd November 2000
Printable version: Click here 
Resintm serves the fastest servlets and JSP. With Java and JavaScript support, Resin gives web applications the flexibility to choose the right language for the task. Resin's leading XSL (XML stylesheet language) support encourages separation of content from formatting. 

Resin provides a fast servlet runner for Apache, allowing Apache to run servlets and JSP files. 



But On Resin1.2(maybe Resin1.1 also) with Win32(Win2k Simplify Chinese version)Apache ,ServletExec will return the source code of JSP files when a HTTP request is appended with one of the following characters:



".."

"%2e.."

"%81"

"%82"

........





"%fe"

For example, the following URL will display the source of the specified JSP file:



http://benjurry/benjurry.jsp..



http://benjurry/benjurry.jsp%81



Successful exploitation could lead to the disclosure of sensitive information contained within JSP pages.







Solution:



I have reported this bug to the vendor,but they do nothing about it.







Benjurry

benjurry@263.net

2000.11.22



Share what I konw,Learn what I don't






(C) 1999-2000 All rights reserved.