exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 1 of 1 RSS Feed

Files from Javier Castro

First Active2011-11-01
Last Active2011-11-01
IBM WebSphere Directory Traversal
Posted Nov 1, 2011
Authored by Digital Defense, r@b13$, sxkeebler, Javier Castro | Site digitaldefense.net

The default installation of the IBM WebSphere Application Server is deployed with a 'help' servlet which is designed to serve supporting documentation for the WebSphere system. When the 'help' servlet processes a URL that contains a reference to a Java plug-in Bundle that is registered with the Eclipse Platform Runtime Environment of the WebSphere Application Server, the 'help' servlet fails to ensure that the submitted URL refers to a file that is both located within the web root of the servlet and is of a type that is allowed to be served. An unauthenticated remote attacker can use this weakness in the 'help' servlet to retrieve arbitrary system files from the host that is running the 'help' servlet. This can be accomplished by submitting a URL which refers to a registered Java plug-in Bundle followed by a relative path to the desired file.

tags | advisory, java, remote, web, arbitrary, root
advisories | CVE-2011-1359
SHA-256 | 4adf33603b356ff3b73d86dd885c7fef8b16304d70e5775f89788b5d0609f5d3
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close