IBM WebSphere executable web file source code disclosure vulnerability.

Vulnerability ID: 1105937    Vulnerability type: Unknown
Published: 2000-07-24    Updated: 2006-08-21
CVE ID: CVE-2000-0652    CNNVD-ID: CNNVD-200007-062
Platform: Multiple    CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/20097
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200007-062
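|Vulnerability details
IBM WebSphere contains a vulnerability. A remote attacker can read the source code of executable web files by using a URL containing the string "/servlet/file" to directly invoke the default InvokerServlet.
|Exploit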
source: http://www.securityfocus.com/bid/1500/info

Certain versions of the IBM WebSphere application server ship with a vulnerability which allows malicious users to view the source of any document which resides in the web document root directory.

This is possible via a flaw that allows a default servlet to be invoked directly (different servlets are used to parse different types of content: JHTML, HTML, JSP, etc.). This default servlet displays the document/page without parsing or compiling it, allowing the code to be viewed by the end user.

"It is easy to verify this vulnerability for a given system. Prefixing the path to web pages with "/servlet/file/" in the URL causes the file to be displayed without being parsed or compiled. For example if the URL for a file "login.jsp" is:

http://site.running.websphere/login.jsp

then accessing

http://site.running.websphere/servlet/file/login.jsp

would cause the unparsed contents of the file to show up in the web browser."
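
A log check for the "/servlet/file/" prefix described above, added here as an example and not part of the original advisory. The Combined Log Format, the flagged file extensions, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined Log Format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
PREFIX = "/servlet/file/"          # prefix named in the advisory
SOURCE_EXTS = (".jsp", ".jhtml")   # assumption: file types worth flagging


def normalize(target):
    """Drop the query string, decode, collapse slashes, lower-case.

    Logs record the raw request target, so it is decoded before matching.
    Lower-casing is a conservative choice for detection, not a statement
    about how the server resolves paths.
    """
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/+", "/", path).lower()


def find_source_reads(lines):
    """Yield (host, time, path, status) for requests made through the prefix."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        path = normalize(m["target"])
        if path.startswith(PREFIX) and path.endswith(SOURCE_EXTS):
            yield m["host"], m["time"], path, int(m["status"])


# Constructed sample log lines (not from a real system).
SAMPLE = [
    '192.0.2.10 - - [24/Jul/2000:10:00:01 +0000] "GET /login.jsp HTTP/1.0" 200 1200',
    '192.0.2.44 - - [24/Jul/2000:10:02:17 +0000] "GET /servlet/file/login.jsp HTTP/1.0" 200 3411',
    '192.0.2.44 - - [24/Jul/2000:10:02:30 +0000] "GET /servlet/file/admin/db.jsp?x=1 HTTP/1.0" 200 5120',
    '192.0.2.51 - - [24/Jul/2000:10:05:02 +0000] "GET /servlet/file/index.jsp HTTP/1.0" 404 210',
    '192.0.2.60 - - [24/Jul/2000:10:06:00 +0000] "GET /servlet/SnoopServlet HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for host, when, path, status in find_source_reads(SAMPLE):
        verdict = "source likely served" if status == 200 else "attempt only"
        print(f"{when} {host} {path} -> {status} ({verdict})")
```

A 200 response on a flagged line means the file's unparsed contents were probably returned, so any credentials or connection strings embedded in that file should be treated as exposed.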
|References

Source: BID
Name: 1500
Link: http://www.securityfocus.com/bid/1500
Source: BUGTRAQ
Name: 20000723 IBM WebSphere default servlet handler showcode vulnerability
Link: http://archives.neohapsis.com/archives/bugtraq/2000-07/0342.html
Source: XF
Name: websphere-showcode
Link: http://xforce.iss.net/static/5012.php