当前位置:web 服务器 > Tomcat >>
答案:bugtraq id 1532
class Design Error
cve GENERIC-MAP-NOMATCH
remote Yes
local No
published July 20, 2000
updated August 02, 2000
vulnerable Apache Group Tomcat 3.1
- Sun Solaris 8.0
- Sun Solaris 7.0
- SGI IRIX 6.5
- SGI IRIX 6.4
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Digital UNIX 4.0
- Debian Linux 2.2
- Debian Linux 2.1
- Connectiva Linux 5.1
- Caldera OpenLinux 2.4
- BSDI BSD/OS 4.0
Apache Group Tomcat 3.0
A vulnerability exists in the snoop servlet portion of the Tomcat package, version 3.1, from the Apache Software Foundation. Upon hitting an nonexistent file with the .snp extension, too much information is presented by the server as part of the error message. This information may be useful to a would be attacker in conducting further attacks. This information includes full paths, OS information, and other information that may be sensitive.
http://narco.guerrilla.sucks.co:8080/examples/jsp/snp/anything.snp
====
Snoop Servlet
Servlet init parameters:
Context init parameters:
Context attributes:
javax.servlet.context.tempdir =
/appsrv2/jakarta-tomcat/work/localhost_8080%2Fexamples
sun.servlet.workdir =
/appsrv2/jakarta-tomcat/work/localhost_8080%2Fexamples
Request attributes:
Servlet Name: snoop
Protocol: HTTP/1.0
Scheme: http
Server Name: narco.goverment.sucks.co
Server Port: 8080
Server Info: Tomcat Web Server/3.1 (JSP 1.1; Servlet 2.2; Java 1.1.8; AIX
4.2 POWER_RS; java.vendor=IBM Corporation)
Remote Addr: xxx.xxx.xxx.xxx
Remote Host: xxx.xxx.xxx.xxx
Character Encoding: null
Content Length: -1
Content Type: null
Locale: en
Default Response Buffer: 8192
Parameter names in this request:
Headers in this request:
Host: narco.goverment.sucks.co:8080
Accept-Encoding: gzip
Cookie: JSESSIONID=To1212mC7833304641226407At
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png,
*/*
Connection: Keep-Alive
Accept-Charset: iso-8859-1,*,utf-8
User-Agent: Mozilla/4.51 [en] (Winsucks; I)
Accept-Language: en
Cookies in this request:
JSESSIONID = To1212mC7833304641226407At
Request Is Secure: false
Auth Type: null
HTTP Method: GET
Remote User: null
Request URI: /examples/jsp/snp/anything.snp
Context Path: /examples
Servlet Path: /jsp/snp/anything.snp
Path Info: null
Path Trans: null
Query String: null
Requested Session Id: To1212mC7833304641226407At
Current Session Id: To1212mC7833304641226407At
Session Created Time: 964047263477
Session Last Accessed Time: 964047528749
Session Max Inactive Interval Seconds: 1800
Session values:
numguess = num.NumberGuessBean@6bfa9a1
上一个:IBM WebSphere JSP源代码暴露漏洞
下一个:Tomcat IIS HowTo:将Tomcat装入IIS全攻略
- 更多Tomcat疑问解答:
- 谁知道为啥jsp在tomcat中总是失败啊
- 我想用jsp+oracle做一个网站,请问需要安装什么开发工具?除了oracle数据库,tomcat,eclipse还需要装什么
- 用jsp做网页,为什么代码改变了之后,在tomcat上的效果却没有变化。查看源文件居然还是未修改过时的代码。
- 求好心高手,用Tomcat调试一个jsp网站的源码过程通过QQ远程给本菜鸟看一下,不甚感激QQ:1486697000
- jsp+tomcat+sql2005
- JSP+JavaBean,Web容器使用tomcat。实现一个Web应用,供多人使用,用来存放通讯录
- 请教JSP中<%@ page language=javascript %>这句话是不是错误的。我用的是tomcat,书上用的是Resin...
- 用TOMCAT打不开JSP的网页 启动后只要是打开JSP页面就出现500错误
- tomcat启动了,但是就是访问不到JSP页面,显示的是找不到站点。。。不知道哪里出了问题。。求高手!!
- JSP+microsoft sql server+tomcat 用户登录代码
- Tomcat运行JSP后提示缺失关键字
- 华为软件研发用的开发工具是什么? vs eclipse tomcat oracle vc?
- tomcat下的程序能访问的必要条件
- 求一个TOMCAT+JSP+MYSQL环境配置教程 jdk 7 和 tomcat 7 的
- 010401_【第04章:Tomcat服务器的安装及配置】的解压码???