 |
|
|
Family: Databases --> Category: infos
Oracle Jserv Executes outside of doc_root Vulnerability Scan
Vulnerability Scan Summary
Oracle Jserv Server type and version
Detailed Explanation for this Vulnerability Test
Detects Vulnerability in the execution of JSPs outside
doc_root.
A potential security vulnerability has been discovered in
Oracle JSP releases 1.0.x through 1.1.1 (in
Apache/Jserv). This vulnerability permits access to and
execution of unintended JSP files outside the doc_root in
Apache/Jserv. For example, accessing
http://www.example.com/a.jsp//..//..//..//..//..//../b.jsp
will execute b.jsp outside the doc_root instead of a.jsp
if there is a b.jsp file in the matching directory.
Further, Jserv Releases 1.0.x - 1.0.2 have additional
vulnerability:
Due to a bug in Apache/Jserv path translation, any
URL that looks like:
http://host:port/servlets/a.jsp, makes Oracle JSP
execute 'd:\servlets\a.jsp' if such a directory
path actually exists. Thus, a URL virtual path, an
actual directory path and the Oracle JSP name
(when using Oracle Apache/JServ) must match for
this potential vulnerability to occur.
Vulnerable systems:
Oracle8i Release 8.1.7, iAS Release version 1.0.2
Oracle JSP, Apache/JServ Releases version 1.0.x - 1.1.1
Solution:
Upgrade to OJSP Release 1.1.2.0.0, available on Oracle
Technology Network's OJSP web site.
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
|
|
|
|
