You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cocoon.apache.org by Viktors Rotanovs <Vi...@Rotanovs.com> on 2000/11/24 08:41:22 UTC

Fwd: RESIN ServletExec JSP Source Disclosure Vulnerability(IIS 5)

----------  Forwarded Message  ----------
Subject: RESIN ServletExec JSP Source Disclosure Vulnerability(IIS 5)
Date: Thu, 23 Nov 2000 13:10:11 +0800
From: benjurry <be...@YEAH.NET>
To: BUGTRAQ@SECURITYFOCUS.COM

Resintm serves the fastest servlets and JSP. With Java and JavaScript
 support, Resin gives web applications the flexibility to choose the right
 language for the task. Resin's leading XSL (XML stylesheet language) support
 encourages separation of content from formatting. 
 Resin provides a fast
 servlet runner for IIS and PWS, allowing IIS to run servlets and JSP files.
 But On Resin1.2(maybe Resin1.1 also)(Win2k Simplify Chinese
 version),ServletExec will return the source code of JSP files when you chage
 the url to encode  ASCII(That is to say,"%2e" instead of "."). For example,
 the following URL will display the source of the specified JSP file: 
http://benjurry/benjurry%2ejsp
Successful exploitation could lead to the disclosure of sensitive information
 contained within JSP pages.

Solution:
I have reported this bug to the vendor,but they do nothing about it.

Benjurry
benjurry@263.net
2000.11.22
Share what I konw,Learn what I don't

-------------------------------------------------------