Allaire JRUN 2.3 Remote Command Execution Vulnerability
Allaire's JRun server 2.3 has a vulnerability that lets remote users have arbitrary files on the web server compiled and executed as JSP code.
If the target of a URL request begins with the prefix "/servlet/" and names the JSP servlet (com.livesoftware.jrun.plugins.jsp.JSP, or its short alias "jsp"), JRun treats the remainder of the path as a JSP source file to compile and run. Because "../" sequences in that remainder are not rejected, files outside the web root can be referenced. An attacker who can get a file of their choosing onto the host (through an upload feature, or any other mechanism that writes user-supplied content to disk) can then request it through this path and have its contents compiled and executed as JSP, which seriously threatens the security of the target system.
For example:
http://jrun:8000/servlet/com.livesoftware.jrun.plugins.jsp.JSP/../../path/to/temp.txt
http://jrun:8000/servlet/jsp/../../path/to/temp.txt
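The request pattern above is easy to hunt for in web server logs. The following detector is an added example written for this page, not code from Allaire or from the original advisory; it parses Common Log Format lines, percent-decodes the path (twice, so single- and double-encoded ".." are both caught), and flags requests that invoke either JSP servlet name with ".." in the file it is asked to compile, as well as direct requests for the sample files named later on this page. The log lines, IP addresses and file names are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not taken from a real JRun host.
# Lines 2 and 3 show the traversal pattern from the advisory (line 3 URL-encoded),
# line 4 probes the sample SessionServlet, lines 1 and 5 are benign.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jul/2000:10:01:02 +0000] "GET /index.html HTTP/1.0" 200 1024
10.0.0.9 - - [12/Jul/2000:10:01:05 +0000] "GET /servlet/com.livesoftware.jrun.plugins.jsp.JSP/../../path/to/temp.txt HTTP/1.0" 200 512
10.0.0.9 - - [12/Jul/2000:10:01:07 +0000] "GET /servlet/jsp/%2e%2e/%2e%2e/tmp/upload.txt HTTP/1.0" 200 300
10.0.0.7 - - [12/Jul/2000:10:02:00 +0000] "GET /servlet/SessionServlet HTTP/1.0" 200 200
10.0.0.8 - - [12/Jul/2000:10:03:00 +0000] "GET /servlet/jsp/welcome.jsp HTTP/1.0" 200 800
"""

# The two servlet names the advisory shows invoking the JSP compiler.
JSP_SERVLETS = {"com.livesoftware.jrun.plugins.jsp.JSP", "jsp"}
# Sample files named on this page; extend with anything else shipped under JRUN_HOME.
SAMPLE_FILES = {"SessionServlet", "viewsource.jsp"}

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')


def decode_path(raw_path):
    """Strip the query string and percent-decode twice so %2e%2e and %252e%252e both become '..'."""
    path = raw_path.split("?", 1)[0]
    for _ in range(2):
        path = unquote(path)
    return path


def classify(raw_path):
    """Return 'jsp-traversal', 'sample-file', or None for a request path."""
    path = decode_path(raw_path)
    if not path.startswith("/servlet/"):
        return None
    parts = path[len("/servlet/"):].split("/")
    servlet, target = parts[0], parts[1:]
    # JSP servlet invoked with '..' anywhere in the file it is asked to compile.
    if servlet in JSP_SERVLETS and ".." in target:
        return "jsp-traversal"
    # Direct request for one of the shipped sample servlets / demo pages.
    if parts[-1] in SAMPLE_FILES:
        return "sample-file"
    return None


def scan(log_text):
    """Return a list of (client_ip, raw_path, finding) for every suspicious request in the log."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        finding = classify(m.group("path"))
        if finding:
            findings.append((line.split(" ", 1)[0], m.group("path"), finding))
    return findings


if __name__ == "__main__":
    for ip, path, finding in scan(SAMPLE_LOG):
        print(f"{finding:14} {ip:10} {path}")
```

The check deliberately looks at decoded path components rather than a raw substring, so a legitimate file name that merely contains two dots (for example "a..b.jsp") does not fire, while "../" in any encoding does. A hit on "jsp-traversal" with a 200 response deserves an immediate look at what the referenced file contained, since its contents were compiled and run as JSP.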
Affected System: Allaire JRun 2.3.x
Solution: Download and install the patch:
Allaire patch jr233p_ASB00_28_29 (Windows 95/98/NT/2000 and Windows NT Alpha):
http://download.allaire.com/jrun/jr233p_ASB00_28_29.zip
Allaire patch jr233p_ASB00_28_29.tar.gz (UNIX/Linux, GNU gzip/tar):
http://download.allaire.com/jrun/jr233p_ASB00_28_29.tar.gz
JRun 2.3.x sample files expose site security information
JRun 2.3.x ships several sample servlets in the JRUN_HOME/servlets directory, which is the directory JRun 2.3.x loads and executes servlets from. The sample files with the extension ".java" or ".class" should be deleted, because they expose security-relevant information about the site. For example:
http://www.xxx.xxx/servlet/SessionServlet exposes the HTTP connection (session) information the server is currently maintaining. The contents of the JRUN_HOME/jsm-default/services/jws/htdocs directory should also be deleted. This directory holds the '.jsp' files that demonstrate server features; some of them access the server file system and expose server settings. For example, the path check in "viewsource.jsp" is disabled by default, so it can be used to read files on the server's file system.
Solution:
1) Install the 2.3.3 service pack.
2) Delete all documentation, demo code, examples and tutorial material from the server, including the files placed in the JRUN_HOME/servlets and JRUN_HOME/jsm-default/services/jws/htdocs directories when JRun 2.3.x was installed. Note that JRUN_HOME/servlets is also where JRun loads any servlets you deployed yourself, so confirm that each file is a shipped sample (and keep a backup) before removing it.
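A small audit script makes step 2 repeatable and reviewable. This is an added example for this page, not a tool shipped by Allaire: it walks the two directories named above, reports the files whose extensions the advisory calls out (".java"/".class" under servlets, ".jsp" under the jws htdocs directory), and removes them only when explicitly told to. The JRUN_HOME layout it builds for demonstration is constructed in a temporary directory and is not a real installation; the file names in it other than SessionServlet and viewsource.jsp are placeholders.

```python
import os
import tempfile
from pathlib import Path

# Directories named in the advisory and the sample-file extensions to look for in each.
# The servlets directory is also where JRun loads servlets you deployed yourself, so the
# report is meant to be reviewed before anything is removed.
AUDIT_RULES = [
    ("servlets", (".java", ".class")),
    ("jsm-default/services/jws/htdocs", (".jsp",)),
]


def find_sample_files(jrun_home):
    """Return JRUN_HOME-relative POSIX paths of files matching AUDIT_RULES, in rule order."""
    jrun_home = Path(jrun_home)
    hits = []
    for subdir, suffixes in AUDIT_RULES:
        root = jrun_home / subdir
        if not root.is_dir():
            continue
        for p in sorted(root.rglob("*")):
            if p.is_file() and p.suffix.lower() in suffixes:
                hits.append(p.relative_to(jrun_home).as_posix())
    return hits


def remove_sample_files(jrun_home, dry_run=True):
    """Delete the files find_sample_files reports; with dry_run=True only return what would go."""
    jrun_home = Path(jrun_home)
    removed = []
    for rel in find_sample_files(jrun_home):
        if not dry_run:
            (jrun_home / rel).unlink()
        removed.append(rel)
    return removed


def build_demo_tree():
    """Create a throwaway directory laid out like a JRun 2.3 install (constructed, not a real one)."""
    home = Path(tempfile.mkdtemp(prefix="jrun_home_"))
    for rel in (
        "servlets/SessionServlet.class",
        "servlets/SessionServlet.java",
        "servlets/readme.txt",                       # placeholder, must survive the cleanup
        "jsm-default/services/jws/htdocs/viewsource.jsp",
        "jsm-default/services/jws/htdocs/logo.gif",  # placeholder, not a .jsp
        "lib/jrun.jar",                              # placeholder outside the audited dirs
    ):
        path = home / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("placeholder\n")
    return home


if __name__ == "__main__":
    # Point JRUN_HOME at a real install to audit it; otherwise the demo tree is used.
    home = Path(os.environ.get("JRUN_HOME") or build_demo_tree())
    for rel in remove_sample_files(home, dry_run=True):
        print("would delete:", rel)
```

Run it once with the default dry run, compare the list against what your own deployment put in JRUN_HOME/servlets, and only then call remove_sample_files(home, dry_run=False). The htdocs rule removes every ".jsp" there because the advisory says to clear that directory entirely; the rule for servlets is limited to ".java" and ".class" so that unrelated files in the directory are left alone.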
Related Sites: http://www.allaire.com/
What are the vulnerabilities of IBM WebSphere Application Server?
1. IBM WebSphere Application Server 3.0.2 Source Code Exposure Vulnerability