JSP vulnerability overview (3)

Source: Internet
Author: User
Tags file system websphere application server
Allaire JRUN 2.3 remote command execution vulnerability
Allaire's JRUN Server 2.3 has a security vulnerability that allows remote users to compile/execute arbitrary files on the WEB server as JSP code.
If the target file of the URL request uses the prefix "/servlet/", The JSP interpretation execution function is activated. When "../" is used in the target file path requested by the user, it is possible to access files other than the root directory on the WEB server. Using this vulnerability to request a file generated by the user input on the target host will seriously threaten the security of the target host system.
For example:
Http: // jrun: 8000/servlet/com. livesoftware. jrun. plugins. jsp. JSP/.../../path/to/temp.txt
Http: // jrun: 8000/servlet/jsp/.../../path/to/temp.txt
Affected system: Allaire JRun 2.3.x
Solution: Download and install the patch:
Allaire patch jr233p_ASB00_28_29
Http://download.allaire.com/jrun/jr233p_ASB00_28_29.zip
Windows 95/98/NT/2000 and Windows NT Alpha
Allaire patch jr233p_ASB00_28_29tar
Http://download.allaire.com/jrun/jr233p_ASB00_28_29.tar.gz
UNIX/Linux patch-GNU gzip/tar
JRun 2.3.x sample file exposes site security information
JRun 2.3.x contains some servlet sample files in the JRUN_HOME/servlets Directory. This directory is JRun 2.3.x used to load and execute the servlets files. All files with the extension ". Java" or "class" must be deleted because these files expose the security information of the site. For example:
The http://www.xxx.xxx/servlet/SessionServlet exposes the HTTP connection information maintained by the current server. Contents in the JRUN_HOME/jsm-default/services/jws/htdocs directory should also be deleted. This directory stores the & acute;. jsp & acute; files that demonstrate the server function. Some of these files involve accessing the server file system and exposing server settings. For example, the path check for the file "viewsource. jsp" is disabled by default and can be used to access the file system on the server.
Solution:
1) install 2.3.3 service pack
2) delete all instruction documents, Demo Codes, examples, and teaching materials from the server, including the documents stored in the JRUN_HOME/servlets directory and JRUN_HOME/jsm-default/services/jws/htdocs directory when JRun 2.3.x is installed.
Related sites: http://www.allaire.com/
What are the vulnerabilities of IBM WebSphere Application Server?
1. IBM WebSphere Application Server 3.0.2 exposed source code vulnerability
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.