The Resin server serves servlets and JSP, with support for both Java and JavaScript. Due to incorrect parsing of URLs, attackers can view the original source of a JSP file instead of the result of executing it.
Credit:
The information has been provided by benjurry.
Vulnerable systems:
Resin version 1.1.5 (Windows platform)
Resin version 1.2.b2 (Windows platform)
Immune systems:
Resin version 1.2 (non beta)
Resin provides a standalone web server. The standalone web server is ideal for evaluation or experimentation and is a good choice as the web server for many sites.
But Resin's ServletExec will return the source code of JSP files when an HTTP request contains any of the following:
1) "../" or ".." appended to the end of the request.
2) A '.' replaced with %2E (either the dot of the '.jsp' extension or a dot of the '../').
3) "%81" or "%82" appended to the end.
For example, the following URLs will display the source of the specified JSP file:
http://www.example.com/example.jsp../
http://www.example.com/example%2Ejsp
http://www.example.com/example.jsp..
http://www.example.com/example.jsp%81
Successful exploitation could lead to the disclosure of sensitive information contained within JSP pages.
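A way to look for the three request variants listed above in web-server access logs. This is an added example, not code from the advisory or from Resin; the log lines, client addresses and label names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed access-log lines (common log format); addresses and paths are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /example.jsp HTTP/1.0" 200 512
192.0.2.11 - - [01/Jan/2001:10:00:05 +0000] "GET /example.jsp../ HTTP/1.0" 200 2048
192.0.2.11 - - [01/Jan/2001:10:00:06 +0000] "GET /example%2Ejsp HTTP/1.0" 200 2048
192.0.2.12 - - [01/Jan/2001:10:00:09 +0000] "GET /example.jsp.. HTTP/1.0" 200 2048
192.0.2.12 - - [01/Jan/2001:10:00:11 +0000] "GET /example.jsp%81 HTTP/1.0" 200 2048
192.0.2.13 - - [01/Jan/2001:10:00:15 +0000] "GET /docs/a.jsp.%2e/ HTTP/1.0" 200 2048
192.0.2.14 - - [01/Jan/2001:10:00:20 +0000] "GET /img/logo.gif?x=.jsp.. HTTP/1.0" 200 99
"""

REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
ENCODED_DOT = re.compile(r"%2e", re.I)
JSP_TAIL = re.compile(r"\.jsp(?P<dots>\.\./?)?(?P<high>%8[12])?$", re.I)

def classify(request_target):
    """Return the advisory variants that a raw (undecoded) request target matches."""
    path = urlsplit(request_target).path      # percent-escapes stay undecoded
    normalized = ENCODED_DOT.sub(".", path)   # undo only the %2E substitution
    tail = JSP_TAIL.search(normalized)
    if tail is None:
        return []
    labels = []
    if normalized != path:
        labels.append("encoded-dot")          # case 2: '.' sent as %2E
    if tail.group("dots"):
        labels.append("trailing-dots")        # case 1: ".." or "../" after .jsp
    if tail.group("high"):
        labels.append("trailing-%81/%82")     # case 3: %81 or %82 after .jsp
    return labels

def scan(log_text):
    """Return (client, target, labels) for every log line that matches a variant."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if m and (labels := classify(m.group(1))):
            hits.append((line.split()[0], m.group(1), labels))
    return hits

if __name__ == "__main__":
    for client, target, labels in scan(SAMPLE_LOG):
        print(client, target, ",".join(labels))
```

The match is made on the raw request line, so it only works on logs that record the target before any percent-decoding.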
Solution:
Upgrade to the latest version of Resin 1.2.