<html>
<head>
<title>New Era Software Tutorials: Operating Systems, Homepage Creation, Servers, Design Software, Network Technology, Programming Languages, Text Editing</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<style>
<!--
body, table {font-size: 9pt; font-family: 宋體}
a {text-decoration:none}
a:hover {color: red;text-decoration:underline}
.1 {background-color: rgb(245,245,245)}
-->
</style>
</head>
<p align="center"><script src="../../1.js"></script></a>
<p align="center"><big><strong>IBM WebSphere JSP Source Code Disclosure Vulnerability</strong></big></p>
<div align="right">Excerpted from the Internet</div>
<p>
bugtraq id: 1500<br>
class: Access Validation Error<br>
cve: GENERIC-MAP-NOMATCH<br>
remote: Yes<br>
local: Yes<br>
published: July 24, 2000<br>
updated: July 24, 2000<br>
vulnerable:<br>
IBM WebSphere Application Server 3.0.21<br>
- Sun Solaris 8.0<br>
- Microsoft Windows NT 4.0<br>
- Linux kernel 2.3.x<br>
- IBM AIX 4.3<br>
IBM WebSphere Application Server 3.0<br>
- Sun Solaris 8.0<br>
- Novell Netware 5.0<br>
- Microsoft Windows NT 4.0<br>
- Linux kernel 2.3.x<br>
- IBM AIX 4.3<br>
IBM WebSphere Application Server 2.0<br>
- Sun Solaris 8.0<br>
- Novell Netware 5.0<br>
- Microsoft Windows NT 4.0<br>
- Linux kernel 2.3.x<br>
- IBM AIX 4.3<br>
<br>
Certain versions of the IBM WebSphere application server ship with a vulnerability which allows malicious users to view the source of any document which resides in the web document root directory.<br>
<br>
This is possible via a flaw which allows a default servlet to be invoked (different servlets are used to parse different types of content: JHTML, HTML, JSP, etc.). This default servlet displays the document/page without parsing or compiling it, which allows the code to be viewed by the end user.<br>
<br>
The Foundstone, Inc. advisory which covered this problem detailed the following method of verifying the vulnerability (the full text of this advisory is available in the 'Credit' section of this entry):<br>
<br>
"It is easy to verify this vulnerability for a given system. Prefixing the path to web pages with "/servlet/file/" in the URL causes the file to be displayed without being parsed or compiled. For example, if the URL for a file "login.jsp" is:<br>
<br>
http://site.running.websphere/login.jsp<br>
<br>
then accessing<br>
<br>
http://site.running.websphere/servlet/file/login.jsp<br>
<br>
would cause the unparsed contents of the file to show up in the web browser." <br>
</p>
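<p>A log review for the request pattern the advisory describes, as an added example that is not part of the original entry or of the Foundstone advisory. It assumes the web server writes Common Log Format access logs; the function names and the sample lines are constructed for illustration.</p>

```python
import re
from collections import defaultdict
from urllib.parse import unquote

PREFIX = "/servlet/file/"  # prefix named in the advisory quoted above

# Assumption: Common Log Format: host ident user [time] "request" status size
CLF = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+)[^"]*" (\d{3}) (\S+)'
)

def normalize(target):
    """Drop scheme/host and query, decode percent-escapes, collapse slashes."""
    path = re.sub(r"^[a-zA-Z][a-zA-Z0-9+.-]*://[^/]*", "", target)
    path = unquote(path.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path)

def find_hits(lines):
    """Return one record per request whose normalized path is under PREFIX."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        host, when, target, status, size = m.groups()
        path = normalize(target)
        if path.startswith(PREFIX):
            served = status == "200" and size not in ("-", "0")
            hits.append({"host": host, "time": when,
                         "file": path[len(PREFIX):], "served": served})
    return hits

def summarize(hits):
    """Group by client; 'served' lists files returned with a 200 and a body."""
    out = defaultdict(lambda: {"requests": 0, "served": []})
    for h in hits:
        out[h["host"]]["requests"] += 1
        if h["served"]:
            out[h["host"]]["served"].append(h["file"])
    return dict(out)

# Constructed sample lines (documentation addresses, not from a real server).
SAMPLE = [
    '192.0.2.10 - - [24/Jul/2000:10:01:02 +0000] "GET /login.jsp HTTP/1.0" 200 1432',
    '192.0.2.77 - - [24/Jul/2000:10:03:10 +0000] "GET /servlet/file/login.jsp HTTP/1.0" 200 2210',
    '192.0.2.77 - - [24/Jul/2000:10:03:15 +0000] "GET /servlet/%66ile/admin/db.jsp?x=1 HTTP/1.0" 200 980',
    '192.0.2.77 - - [24/Jul/2000:10:03:20 +0000] "GET /servlet/file/missing.jsp HTTP/1.0" 404 -',
    '198.51.100.5 - - [24/Jul/2000:11:00:00 +0000] "GET /servlet/other HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for host, info in summarize(find_hits(SAMPLE)).items():
        print(host, info["requests"], "requests; served:", info["served"])
```

<p>Any file listed under "served" was returned with a 200 status and a body, so its source, including anything embedded in it, should be treated as disclosed.</p>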
</table>
<p align="center"><script src="../../2.js"></script></a>
</body>
</html>