Apache Tomcat DefaultServlet文件泄露漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1106991 漏洞类型 未知
发布时间 2002-09-24 更新时间 2008-09-05
CVE编号 CVE-2002-1148 CNNVD-ID CNNVD-200210-257
漏洞平台 Unix CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/21853
https://www.securityfocus.com/bid/5786
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200210-257
|漏洞详情
Tomcat4.0.4版本和4.1.10版本以及之前版本中的默认控制器(org.apache.catalina.servlets.DefaultServlet)存在漏洞,远程攻击者可以借助到控制器的直接请求读取服务器文件的源代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/5786/info

The servlet 'org.apache.catalina.servlets.DefaultServlet' is included with Apache Tomcat by default. It is possible to use this servlet to view contents of files within the webroot. This includes JSP source code, which may contain sensitive data such as database usernames and passwords.

http://target/admin/servlet/org.apache.catalina.servlets.DefaultServlet/target.jsp
|受影响的产品
Sun Solaris 9_x86 Sun Solaris 9_sparc Sun Solaris 9 Sun Solaris 10_x86 Sun Solaris 10_sparc Sun Solaris 10 HP VirtualVault 11.0.4 Apache
|参考资料

来源:BID
名称:5786
链接:http://www.securityfocus.com/bid/5786
来源:XF
名称:tomcat-servlet-source-code(10175)
链接:http://www.iss.net/security_center/static/10175.php
来源:REDHAT
名称:RHSA-2002:218
链接:http://www.redhat.com/support/errata/RHSA-2002-218.html
来源:REDHAT
名称:RHSA-2002:217
链接:http://www.redhat.com/support/errata/RHSA-2002-217.html
来源:DEBIAN
名称:DSA-170
链接:http://www.debian.org/security/2002/dsa-170
来源:HP
名称:HPSBUX0212-229
链接:http://online.securityfocus.com/advisories/4758
来源:BUGTRAQ
名称:20020924JSPsourcecodeexposureinTomcat4.x
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103288242014253&w=2