IDC资讯中心 bugtraq id 1328
class Design Error
cve CVE-2000-0499
remote Yes
local Yes
published June 08, 2000
updated November 10, 2000
vulnerable BEA Systems Weblogic 4.5.1
– Microsoft Windows NT 4.0
BEA Systems Weblogic 4.0.4
– Microsoft Windows NT 4.0
BEA Systems Weblogic 3.1.8
– Microsoft Windows NT 4.0
IBM Websphere Application Server 3.0.21
– Sun Solaris 8.0
– Microsoft Windows NT 4.0
– Linux kernel 2.3.x
– IBM AIX 4.3
Unify eWave ServletExec 3.0
– Sun Solaris 8.0
– Microsoft Windows 98
– Microsoft Windows NT 4.0
– Microsoft Windows NT 2000
– Linux kernel 2.3.x
– IBM AIX 4.3.2
– HP HP-UX 11.4
Many webservers are case-sensitive, but do not have all possible combinations of cases in mapped extensions mapped properly.
By changing the letters in a JSP or a JHTML file extension from lower case to upper case (eg: .jsp or .jhtml becomes .JSP or .JHTML) in a URL the server does not recognize the file extension and sends the file normally. In that manner, a user is able to access the source code to those specific files.
多中web服务器的通用jsp源代码暴露漏洞_jsp文摘
版权申明:本站文章部分自网络,如有侵权,请联系:west999com@outlook.com 特别注意:本站所有转载文章言论不代表本站观点! 本站所提供的图片等素材,版权归原作者所有,如需使用,请与原作者联系。未经允许不得转载:IDC资讯中心 » 多中web服务器的通用jsp源代码暴露漏洞_jsp文摘
