A study of JSP script vulnerabilities

Source: Internet
Author: User
Tags: versions, tomcat, microsoft, iis
Server vulnerabilities are the root of most security problems: an attacker's assault on a site usually begins with a search for the target's weaknesses. Only by understanding their own vulnerabilities can site administrators take the right countermeasures against outside attack. Below are some common vulnerabilities in servers, covering both Web servers and JSP servers.

What is the Apache mod_rewrite arbitrary file disclosure vulnerability?

Apache 1.2 and later include the mod_rewrite module, which can map special URLs onto absolute paths in the server's file system. If a rewrite rule uses a regular-expression back-reference (such as $1) and its substitution is a file-system path, an attacker can view arbitrary files on the target host.

The following rules illustrate the RewriteRule directive (only the first rule is vulnerable, because only it maps onto a file-system path):

RewriteRule /test/(.*) /usr/local/data/test-stuff/$1
RewriteRule /more-icons/(.*) /icons/$1
RewriteRule /go/(.*) http://www.apacheweek.com/$1

Affected Systems:

1) Apache 1.3.12
2) Apache 1.3.11 win32
3) Apache 1.2.x

Unaffected system: Apache 1.3.13

How do I fix JSP source code disclosure caused by adding special characters to an HTTP request?
Unify eWave ServletExec is a Java servlet/JSP engine plug-in used with Web servers such as Microsoft IIS, Apache and Netscape Enterprise Server.
When one of the following characters is appended to an HTTP request for a JSP file, ServletExec returns the JSP source file instead of executing it:
.   (URL-encoded: %2e)
+   (URL-encoded: %2b)
\   (URL-encoded: %5c)
%20
%00

A successful exploit discloses the source code of the requested JSP file. Any of the following URL requests outputs the source of the specified JSP file:

1) http://target/directory/jsp/file.jsp.
2) http://target/directory/jsp/file.jsp%2E
3) http://target/directory/jsp/file.jsp+
4) http://target/directory/jsp/file.jsp%2B
5) http://target/directory/jsp/file.jsp\
6) http://target/directory/jsp/file.jsp%5C
7) http://target/directory/jsp/file.jsp%20
8) http://target/directory/jsp/file.jsp%00

Affected Systems:

1) Unify eWave ServletExec 3.0c
2) Sun Solaris 8.0
3) Microsoft Windows 98
4) Microsoft Windows NT 4.0
5) Microsoft Windows NT 2000
6) Linux Kernel 2.3.x
7) IBM AIX 4.3.2
8) HP-UX 11.4

Solution:

If you do not serve any static pages or images, you can configure a default servlet and map "/" to it. This default servlet is invoked for any URL that is not mapped to another servlet, and in this case it can simply return "file not found". If you do serve static pages or images, the same configuration still works, but the default servlet must then handle the requests for legitimate static pages and images itself.
Another possibility is to map *.jsp+, *.jsp. and *.jsp\ to a servlet that simply returns "file not found". For cases such as *.jsp%00 and *.jsp%20 the mapping must be entered in decoded form: for the *.jsp%20 case, for example, enter the pattern "*.jsp" followed by a literal space, because %20 is decoded to a space character.
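As an added example (not ServletExec's code, and not from the original article), the following Python dispatcher models the fix described above: decode the request path, refuse NUL and backslash, and hand everything that is not exactly a JSP to a default "not found" handler. It goes beyond the ServletExec case by also resolving ".." segments and blocking WEB-INF, which the Tomcat and JRun issues later on this page call for; the handler names and the STATIC_EXTENSIONS set are assumptions.

```python
# Added example: models the advisory's "default servlet" fix in Python; it is
# not ServletExec's code. Handler names and STATIC_EXTENSIONS are assumptions.
from urllib.parse import unquote

STATIC_EXTENSIONS = {".html", ".htm", ".gif", ".jpg", ".css"}


def dispatch(raw_path: str) -> str:
    """Pick the handler for a raw request path.

    "jsp"       the JSP engine compiles and runs the file
    "static"    a legitimate static page or image is served
    "not_found" the default servlet mapped to "/" answers 404
    """
    path = unquote(raw_path)
    # A NUL never belongs in a path; C-style name handling truncates at it,
    # so "file.jsp%00" looks like "file.jsp" to the filesystem but not to
    # the servlet mapping. A backslash is only a separator on Windows;
    # refuse both so the mapping layer and the filesystem agree on the name.
    if "\x00" in path or "\\" in path:
        return "not_found"
    # Resolve "." and ".." so the check sees the name the filesystem opens.
    segments = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not segments:
                return "not_found"  # would climb out of the web root
            segments.pop()
        else:
            segments.append(seg)
    # WEB-INF must never be served, however the URL was spelled ("//WEB-INF/").
    if segments and segments[0].upper() == "WEB-INF":
        return "not_found"
    name = segments[-1].lower() if segments else ""
    # Compare the extension case-insensitively: on NT "FILE.JSP" and
    # "file.jsp" are the same file, so the mapping must treat them alike.
    if name.endswith(".jsp"):
        return "jsp"
    # A trailing ".", "+" or " " leaves an extension that matches nothing.
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    if ext in STATIC_EXTENSIONS:
        return "static"
    return "not_found"
```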

What are the vulnerabilities of Tomcat?

Tomcat 3.1 exposes the site's file-system path

Tomcat 3.1 is software developed under the Apache Software Foundation that supports JSP 1.1 and Servlets 2.2. It has a security problem: a request for a JSP file that does not exist exposes the full file-system path of the Web site's pages.

Example:
http://narco.guerrilla.sucks.co:8080/anything.jsp

The response shows:
error:404
Location:/anything.jsp
JSP file "/appsrv2/jakarta-tomcat/webapps/root/anything.jsp" not Found

Solution: upgrade to a newer version.

Tomcat exposes JSP file contents

Java Server Pages (JSP) files are registered on Tomcat under the '.jsp' extension, and Tomcat's mapping is case-sensitive, so '.jsp' and '.JSP' are different extensions. If a link ending in '.JSP' is submitted to Tomcat and Tomcat finds no mapping for '.JSP', it serves the request with its default text file type. Because file names on NT are not case-sensitive, the requested file is found on disk and its contents are sent as plain text.

On a UNIX server the same request produces a "File not found" error instead.

How to implement source code protection for Tomcat under Windows

Some versions of Tomcat have a source code leak: if you call a JSP page in the browser with the file suffix in uppercase, the full source of the JSP file is sent to the browser (the browser window may look empty; viewing the HTML source then shows the code). So will the site's source code be exposed on the Internet?
Do not worry, the fix is simple: write every case combination of the suffix into tomcat_home\conf\web.xml, so that Tomcat treats each differently-cased suffix as a JSP and does not reveal the code.

    <!-- One servlet-mapping per case spelling of the ".jsp" suffix, all
         routed to Tomcat's built-in "jsp" servlet -->
    <servlet-mapping>
        <servlet-name>jsp</servlet-name>
        <url-pattern>*.jsp</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>jsp</servlet-name>
        <url-pattern>*.JSP</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>jsp</servlet-name>
        <url-pattern>*.Jsp</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>jsp</servlet-name>
        <url-pattern>*.jSp</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>jsp</servlet-name>
        <url-pattern>*.jsP</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>jsp</servlet-name>
        <url-pattern>*.JSp</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>jsp</servlet-name>
        <url-pattern>*.JsP</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>jsp</servlet-name>
        <url-pattern>*.jSP</url-pattern>
    </servlet-mapping>

What are the Allaire JRun vulnerabilities?

Allaire JRun illegal read of WEB-INF vulnerability
There is a serious security vulnerability in Allaire JRun Server 2.3 that lets an attacker view the WEB-INF directory of a JRun 3.0 server.
If a user submits a URL with an extra "/" prepended, making it malformed, all subdirectories under WEB-INF are exposed. An attacker exploiting this vulnerability can remotely obtain read access to every file in the WEB-INF directory on the target host.
For example, the following URL exposes all files under WEB-INF:
http://site.running.jrun:8100//WEB-INF/

Affected Systems: Allaire JRun 3.0

Solution: download and install the patch:

Allaire patch jr233p_ASB00_28_29 (Windows 95/98/NT/2000 and Windows NT Alpha):
http://download.allaire.com/jrun/jr233p_ASB00_28_29.zip
Allaire patch jr233p_ASB00_28_29.tar (Unix/Linux, GNU gzip/tar):
http://download.allaire.com/jrun/jr233p_ASB00_28_29.tar.gz

Allaire JRun 2.3 arbitrary file viewing vulnerability

A source disclosure vulnerability exists in Allaire JRun Server 2.3 that allows an attacker to view the source code of any file under the Web server's root directory.
JRun 2.3 uses Java servlets to parse various page types (for example HTML, JSP and so on). Depending on the settings in the rules.properties and servlets.properties files, any servlet may be invoked with the URL prefix "/servlet/".
The JRun SSIFilter servlet can be used to retrieve arbitrary files on the target system. The following examples show URLs that retrieve arbitrary files:

http://jrun:8000/servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter/../../test.jsp
http://jrun:8000/servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter/../../../../../../../boot.ini
http://jrun:8000/servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter/../../../../../../../winnt/repair/sam
http://jrun:8000/servlet/ssifilter/../../test.jsp
http://jrun:8000/servlet/ssifilter/../../../../../../../boot.ini
http://jrun:8000/servlet/ssifilter/../../../../../../../winnt/repair/sam._

Note: these examples assume that JRun is running on the host "jrun", port 8000.

Affected systems: Allaire JRun 2.3.x

Solution: download and install the patch:

Allaire patch jr233p_ASB00_28_29 (Windows 95/98/NT/2000 and Windows NT Alpha):
http://download.allaire.com/jrun/jr233p_ASB00_28_29.zip
Allaire patch jr233p_ASB00_28_29.tar (Unix/Linux, GNU gzip/tar):
http://download.allaire.com/jrun/jr233p_ASB00_28_29.tar.gz

Allaire JRun 2.3 remote arbitrary command execution vulnerability

A security vulnerability in Allaire JRun Server 2.3 allows remote users to compile and execute arbitrary files on the Web server as JSP code. If the target file of a URL request uses the prefix "/servlet/", the JSP interpreter is activated. By using "../" in the requested file path, it is possible to reach files outside the Web server's root directory. Using this vulnerability to make the target host execute a file containing user input as JSP seriously threatens the security of the target host system.
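Detection is the other half of the picture: the request shapes described on this page (ServletExec trailing characters, Tomcat case variants, JRun "//WEB-INF/" and "/servlet/.../../" requests) all show up in an ordinary Web server access log. The following Python scanner is an added example, not code from the original article or from any of the vendors; the log lines are constructed and the rule names are assumptions.

```python
# Added example: flags the request patterns discussed on this page in
# common-log-format lines. Rule names are assumptions; SAMPLE_LOG is constructed.
import re

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d"')

RULES = [
    # ServletExec: ".jsp" followed only by the advisory's trailing characters
    # (raw or URL-encoded) up to the end of the path.
    ("servletexec-trailing-char",
     re.compile(r"\.jsp(?:[.+\\]|%2e|%2b|%5c|%20|%00)+$", re.I)),
    # Tomcat: the extension spelled in any case other than lowercase ".jsp".
    ("tomcat-case-variant",
     re.compile(r"\.(?!jsp(?:$|[^a-z0-9]))[jJ][sS][pP](?:$|[^a-z0-9])")),
    # JRun: any path reaching WEB-INF, including the "//WEB-INF/" form.
    ("jrun-web-inf", re.compile(r"/WEB-INF(?:/|$)", re.I)),
    # JRun: a "/servlet/" invocation that climbs out with ".." (raw or encoded).
    ("jrun-servlet-traversal",
     re.compile(r"/servlet/.*(?:\.\.|%2e%2e)(?:/|%2f|\\|%5c)", re.I)),
]

# Constructed sample lines; lines 1 and 6 are benign.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Oct/2000:10:00:01 +0000] "GET /directory/jsp/file.jsp HTTP/1.0" 200 512',
    '10.0.0.5 - - [12/Oct/2000:10:00:02 +0000] "GET /directory/jsp/file.jsp%2E HTTP/1.0" 200 2048',
    '10.0.0.5 - - [12/Oct/2000:10:00:03 +0000] "GET /directory/jsp/file.JSP HTTP/1.0" 200 2048',
    '10.0.0.5 - - [12/Oct/2000:10:00:04 +0000] "GET //WEB-INF/ HTTP/1.0" 200 1337',
    '10.0.0.5 - - [12/Oct/2000:10:00:05 +0000] "GET /servlet/ssifilter/../../../../../../../boot.ini HTTP/1.0" 200 300',
    '10.0.0.5 - - [12/Oct/2000:10:00:06 +0000] "GET /images/logo.gif HTTP/1.0" 200 4096',
]


def scan_access_log(lines):
    """Return (line_number, rule_name, request_path) for every rule that fires."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a request line we understand
        # The rules look at the path only; the query string is dropped.
        target = m.group("target").split("?", 1)[0]
        for name, pattern in RULES:
            if pattern.search(target):
                findings.append((lineno, name, target))
    return findings


if __name__ == "__main__":
    for lineno, name, target in scan_access_log(SAMPLE_LOG):
        print(f"line {lineno}: {name}: {target}")
```

A request that matches more than one rule (for example ".Jsp%00") is reported once per rule, so the findings list can be longer than the number of suspicious lines.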