| VID |
22088 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
Servlet |
| Detailed Description |
The ServletExec ISAPI filter allows files within the webroot to be read. ServletExec 4.1 ISAPI is a Java Servlet/JSP engine for IIS (Internet Information Server) and is implemented as an ISAPI filter. The JSP functionality is provided by a servlet that is enabled by default and allows files within the webroot to be read. By invoking the JSP10Servlet (or simply JSPServlet) with a malformed URL, it is possible to read the contents of files within the webroot that would not normally be accessible (global.asa, for example). Attempts to retrieve ASP pages commonly produce many errors because ASP syntax is similar to JSP syntax, and hence only fragments of these pages are returned. Text files can generally be read without problem. It did not appear to be possible to 'break out' of the web root and read files from other parts of the file system.
For instance, you can test for this problem with a request such as: /servlet/com.newatlanta.servletexec.JSP10Servlet/..%5c..%5c\global.asa |
| Recommendation |
Download and install Patch #9 from ftp://ftp.newatlanta.com/public/4_1/patches/ |
| Related URL |
CVE-2002-0892 (CVE) |
| Related URL |
4793 (SecurityFocus) |
| Related URL |
9139 (ISS) |
|
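A log check for the request pattern described above, as an added example (not part of the original entry or of any vendor code). The log layout, function names and sample lines are constructed assumptions, and the check also decodes double-encoded sequences, which goes beyond the single request shown in the description.

```python
import re
from urllib.parse import unquote

# Servlet names come from the description above; an optional package prefix is allowed.
SERVLET_RE = re.compile(
    r"/servlet/(?:[\w.]*\.)?JSP(?:10)?Servlet(?P<extra>/.*)?$", re.IGNORECASE)
REQUEST_RE = re.compile(r"\b(?:GET|HEAD|POST)\s+(\S+)")

def extract_path(log_line):
    """Return the requested URI from a 'METHOD /path ...' log line, else None."""
    m = REQUEST_RE.search(log_line)
    return m.group(1) if m else None

def is_suspicious(path):
    """True if the JSP servlet is invoked with '..' segments in its extra path."""
    path = path.split("?", 1)[0]
    for _ in range(3):                      # bounded decoding: %255c -> %5c -> \
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")          # treat both separators alike
    m = SERVLET_RE.search(path)
    if not m or not m.group("extra"):
        return False
    return ".." in [seg for seg in m.group("extra").split("/") if seg]

def scan(lines):
    """Return the log lines whose request matches the pattern."""
    hits = []
    for line in lines:
        path = extract_path(line)
        if path and is_suspicious(path):
            hits.append(line)
    return hits

# Constructed sample log lines (documentation addresses, invented timestamps).
SAMPLE_LOG = [
    "2002-05-22 10:01:02 192.0.2.10 GET /index.jsp 200",
    "2002-05-22 10:01:05 192.0.2.10 GET "
    "/servlet/com.newatlanta.servletexec.JSP10Servlet/..%5c..%5c\\global.asa 200",
    "2002-05-22 10:01:09 192.0.2.11 GET /servlet/JSPServlet/..%255c..%255cglobal.asa 200",
    "2002-05-22 10:01:12 192.0.2.12 GET /servlet/JSPServlet/reports/summary.jsp 200",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("ALERT:", hit)
```

A hit with a 200 status on an unpatched ServletExec 4.1 host is worth checking against the file named in the request.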