- JSP开发前菜鸟设置篇
- JSP开发入门(三)--JSP与JavaBean
- JSP和Struts解决用户退出问题
- JSP分页
- 关于JSP中JavaBean的Scope属性
- JBuilder2005实战JSP之登录页面(2)
- 在JSP中使用Spring
- 用按钮调用jsp代码怎么写?
- 入门教程:JSP标准模板库(上)
- jsp实现图形验证码
- JSP数据库连接池的必要性
- jsp中的数据库编程
- 从原理上解决Tomcat中文问题
- JSP+MySQL 无法插入中文问题(Data too long ...)
- Servlet、Jsp中的多国语言显示
- [视频教程]张志宇SERVLET JSP视频教程12_session_01
- 打造安全的Tomcat服务器
- jsp留言板源代码一: 给jsp初学者.
- JSP显示内容缓存技巧
- 入门教程:JSP标准模板库(下)
- JSP实践要点
- 用定制标签库和配置文件实现对JSP页面元素的访问控制
- 通过Jsp发送动态图像
- JSP+JavaBean架构遇到的问题
- 用Request对象防止JSP缓存机制
- JSP应用语法详解大全 (3)
- JSP由浅入深(3)—— 通过表达式增加动态内容
- jsp的八个隐含对象
- 基于JSP技术的网络教学平台设计
- 实例讲解JSP Model2体系结构(上)
多中WEB服务器的通用JSp源代码暴露漏洞
作者:佚名 jsp网站建设开发编辑:admin 更新时间:2022-07-23
bugtraq id 1328
class Design Error
cve CVE-2000-0499
remote Yes
local Yes
published June 08, 2000
updated November 10, 2000
vulnerable BEA Systems Weblogic 4.5.1
- Microsoft Windows NT 4.0
BEA Systems Weblogic 4.0.4
- Microsoft Windows NT 4.0
BEA Systems Weblogic 3.1.8
- Microsoft Windows NT 4.0
IBM Websphere application Server 3.0.21
- Sun Solaris 8.0
- Microsoft Windows NT 4.0
- linux kernel 2.3.x
- IBM AIX 4.3
Unify eWave ServletExec 3.0
- Sun Solaris 8.0
- Microsoft Windows 98
- Microsoft Windows NT 4.0
- Microsoft Windows NT 2000
- Linux kernel 2.3.x
- IBM AIX 4.3.2
- HP HP-UX 11.4
Many webservers are case-sensitive, but do not have all possible combinations of cases in mapped extensions mapped PRoperly.
By changing the letters in a jsp or a JHTML file extension from lower case to upper case (eg: .jsp or .jhtml becomes .JSP or .JHTML) in a URL the server does not recognize the file extension and sends the file normally. In that manner, a user is able to access the source code to those specific files.
class Design Error
cve CVE-2000-0499
remote Yes
local Yes
published June 08, 2000
updated November 10, 2000
vulnerable BEA Systems Weblogic 4.5.1
- Microsoft Windows NT 4.0
BEA Systems Weblogic 4.0.4
- Microsoft Windows NT 4.0
BEA Systems Weblogic 3.1.8
- Microsoft Windows NT 4.0
IBM Websphere application Server 3.0.21
- Sun Solaris 8.0
- Microsoft Windows NT 4.0
- linux kernel 2.3.x
- IBM AIX 4.3
Unify eWave ServletExec 3.0
- Sun Solaris 8.0
- Microsoft Windows 98
- Microsoft Windows NT 4.0
- Microsoft Windows NT 2000
- Linux kernel 2.3.x
- IBM AIX 4.3.2
- HP HP-UX 11.4
Many webservers are case-sensitive, but do not have all possible combinations of cases in mapped extensions mapped PRoperly.
By changing the letters in a jsp or a JHTML file extension from lower case to upper case (eg: .jsp or .jhtml becomes .JSP or .JHTML) in a URL the server does not recognize the file extension and sends the file normally. In that manner, a user is able to access the source code to those specific files.
- 上一篇文章: Tomcat 暴露JSP文件内容
- 下一篇文章: 一个开发人员眼中的JSP技术(上)