ecurity Advisory(CSA-200111)

2001-04-04T00:00:00
ID SECURITYVULNS:DOC:1462
Type securityvulns
Reporter Securityvulns
Modified 2001-04-04T00:00:00

Description

Topic: Resin 1.2.* & 1.3b1 Javabean file disclosure vulnerability

vulnerable:

winnt/2000(maybe other operating system also) +Resin 1.2.* +Resin 1.3b1

discussion:

A security vulnerability has been found in Windows NT/2000 systems that have Resin 1.2. or Resin 1.3b1 installed. The vulnerability allows remote attackers to view Javabean file in Forbidden directory. For example: http://Resin1.:8080/WEB-INF/classes/Env.java The request will be return : 403 Forbidden But if inserting ".jsp" before "/WEB-INF/" .Resin server to send back the content of Env.java.

Exploits:

http://Resin1.*:8080/.jsp/WEB-INF/classes/Env.java It is possible to cause the Resin server to send back the content of Env.java.Remote Attackers can view any known JavaBean file.

solution:

I can not get any file outside the app-dir. maybe you can modify resin.conf.

DISCLAIMS:

THE INFORMATION PROVIDED IS RELEASED BY CHINANSL "AS IS" WITHOUT WARRANTY OF ANYKIND. CHINANSL DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, EXCEPT FOR THE WARRANTIES OF MERCHANTABILITY. IN NO EVENTSHALL CHINANSL BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF CHINANSL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. DISTRIBUTION OR REPRODUTION OF THE INFORMATION IS PROVIDED THAT THE ADVISORY IS NOT MODIFIED IN ANY WAY.

Copyright 2000-2001 CHINANSL. All Rights Reserved. Terms of use. CHINANSL Security Team lovehacker@chinansl.com CHINANSL INFORMATION TECHNOLOGY CO.,LTD (http://www.chinansl.com)