| VID | 22161 |
| Severity | 30 |
| Port | 8080 |
| Protocol | TCP |
| Class | Servlet |
| Detailed Description |
The Apache Tomcat server has a JSP source disclosure vulnerability that is triggered by a double-encoded URL request. Apache Tomcat is a Java application server used with Apache HTTP Server to support JavaServer Pages (JSP) and Java servlets. Jakarta Tomcat versions 4.0-b2 and earlier are vulnerable to source code exposure by using simple URL encoding. A remote attacker can send a specially crafted URL request for a known JSP page to bypass protection and obtain the source code of that page, and possibly obtain database passwords and file names. You can test for this flaw by issuing a URL request like the following from your web browser:
http://example.com:8080/index.js%2570
Here, %25 is the URL-encoded '%' and 70 is the hexadecimal value for 'p', so the server returns the source code of index.jsp rather than running the script on the server side.
* Platforms Affected: Tomcat 4.0-b2 and earlier; UNIX/Linux: any version; Windows: any version
* References: http://online.securityfocus.com/bid/2527 http://www.iss.net/security_center/static/6316.php http://www.securiteam.com/unixfocus/5RP0F0U4KA.html |
| Recommendation |
Upgrade to the latest release of Jakarta Tomcat (4.0 Beta3 or later), available from the Jakarta Web site, http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/ |
| Related URL | (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |
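
An added example, not part of the original advisory: a Python check for access logs that flags request paths whose `.jsp` extension only appears after a second round of percent-decoding, as in the test URL above. The log lines are constructed samples, and the function names (`fully_decode`, `classify`, `scan`) are hypothetical.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in Common Log Format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Apr/2001:10:00:00 +0000] "GET /index.jsp HTTP/1.0" 200 512
192.0.2.11 - - [01/Apr/2001:10:00:05 +0000] "GET /index.js%2570 HTTP/1.0" 200 2048
192.0.2.12 - - [01/Apr/2001:10:00:09 +0000] "GET /docs/a%20b.html HTTP/1.0" 200 300
192.0.2.13 - - [01/Apr/2001:10:00:12 +0000] "GET /report.jsp?q=100%2525 HTTP/1.0" 200 640
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCRIPT_EXTS = (".jsp",)  # extensions that must be executed, never served raw


def fully_decode(path, max_rounds=5):
    """Percent-decode until stable; return (decoded path, rounds that changed it)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds


def classify(target):
    """Classify one request target by how many decode rounds its path needs."""
    path = urlsplit(target).path          # the servlet mapping is chosen from the path
    once = unquote(path)                  # what a single, correct decode yields
    final, rounds = fully_decode(path)
    if rounds < 2:
        return "ok"
    # The extension is hidden from a one-pass check but present after two passes.
    hidden = final.lower().endswith(SCRIPT_EXTS) and not once.lower().endswith(SCRIPT_EXTS)
    return "double-encoded-script-extension" if hidden else "double-encoded"


def scan(log_text):
    """Return (request target, verdict) for every non-ok request in the log."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m and classify(m.group(1)) != "ok":
            findings.append((m.group(1), classify(m.group(1))))
    return findings
```

A 200 response with an unusually large body for a flagged request is worth comparing against the normal rendered size of the same page.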