sunjavaapp.txt

sunjavaapp.txt: Posted May 28, 2004; Authored by Marc Schoenefeld; Sun-Java-App-Server PE version 8.0 suffers from a path disclosure vulnerability when returning server error 500 pages.; tags | advisory, java; SHA-256 | 80f7cd44aca210a567313a3abe3eec919dc378cf120eb973210189e875ca9082; Download | Favorite | View

sunjavaapp.txt

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

when doing the following requests consequently against a Sun-Java-App-Server
PE 8.0 a Windows Box

http://127.0.0.1:8080////
http://127.0.0.1:8080////CON

you get a HTTP 500 Error, which reveals the installation path and the fact
that the server  is running on a WinDos box (see details below) ....

Cheers
Marc

:

HTTP Status 500 -

type Exception report

message

description The server encountered an internal error () that prevented it
from fulfilling this request.

exception

java.io.FileNotFoundException:
C:\Programme\Sun\AppServer\domains\domain1\docroot\CON (Zugriff verweigert)
   java.io.FileInputStream.open(Native
Method)
   java.io.FileInputStream.(FileInputStream.java:106)

org.apache.naming.resources.FileDirContext$FileResource.streamContent(FileDi
rContext.java:1060)

org.apache.catalina.servlets.DefaultServlet$ResourceInfo.getStream(DefaultSe
rvlet.java:2504)

org.apache.catalina.servlets.DefaultServlet.copy(DefaultServlet.java:1938)

org.apache.catalina.servlets.DefaultServlet.serveResource(DefaultServlet.jav
a:1057)

org.apache.catalina.servlets.DefaultServlet.doGet(DefaultServlet.java:518)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:748)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:861)
   sun.reflect.GeneratedMethodAccessor67.invoke(Unknown
Source)

sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
.java:25)
   java.lang.reflect.Method.invoke(Method.java:324)
   org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:289)
   java.security.AccessController.doPrivileged(Native
Method)
   javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
   org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311)

org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:20
5)

note The full stack trace of the root cause is available in the
Sun-Java-System/Application-Server-PE-8.0 logs.
Sun-Java-System/Application-Server-PE-8.0



- --

Never be afraid to try something new. Remember, amateurs built the
ark; professionals built the Titanic. -- Anonymous

Marc Schönefeld Dipl. Wirtsch.-Inf. / Software Developer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (AIX)

iD8DBQFAtTIPqCaQvrKNUNQRAptIAJ0YV+gpcM3yyffoLKe5l2eLcESytwCfdggj
drtNJzHEUkeMF/v+o2VaDw4=
=/RwK
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

sunjavaapp.txt

sunjavaapp.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

sunjavaapp.txt

Share This

sunjavaapp.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems