Test ID: 1.3.6.1.4.1.25623.1.0.10814

Category: Web Servers

Title: Allaire/Macromedia JRun Directory Browsing Vulnerability (MPSB01-13) - Active Check

Summary: Allaire JRun 3.0/3.1 under a Microsoft IIS 4.0/5.0 platform has a problem handling malformed URLs. This allows a remote user to browse the file system under the web root (normally \inetpub\wwwroot).

Description:

Vulnerability Insight: Sending a specially formed request to the web server that contains a '.jsp' extension makes JRun handle the request. Example: http://example.com/%3f.jsp

Vulnerability Impact: This vulnerability allows anyone with remote access to the web server to browse it and any directory within the web root.

Affected Software/OS: Under Windows NT/2000 (any service pack) and IIS 4.0/5.0:
- JRun 3.0 (all editions)
- JRun 3.1 (all editions)

Solution: From Macromedia Product Security Bulletin (MPSB01-13). Macromedia recommends, as a best practice, turning off directory browsing for the JRun Default Server in the following applications:
- Default Application (the application with the '/' mapping that causes the security problem)
- Demo Application

Also make sure that any newly created web application that uses the '/' mapping has directory browsing off. The changes to be made in the JRun Management Console (JMC):
- JRun Default Server/Web Applications/Default User Application/File Settings/Directory Browsing Allowed set to FALSE.
- JRun Default Server/Web Applications/JRun Demo/File Settings/Directory Browsing Allowed set to FALSE.

Restart the servers after making the changes; the %3f.jsp request should now return a 403 Forbidden. When this bug is fixed, the request (regardless of the directory browsing setting) should return a '404 page not found'.

The directory browsing property is called [file.browsedirs]. Changing the property via the JMC causes the following changes:
- JRun 3.0 writes [file.browsedirs=false] in the local.properties file (server-wide change).
- JRun 3.1 writes [file.browsedirs=false] in the webapp.properties of the application.

CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-References:
- Common Vulnerability Exposure (CVE) ID: CVE-2001-1510
- Allaire Security Bulletin: MPSB01-13, http://www.macromedia.com/v1/handlers/index.cfm?ID=22262&Method=Full
- BugTraq ID: 3592, http://www.securityfocus.com/bid/3592
- Bugtraq: 20011128 def-2001-32, http://online.securityfocus.com/archive/1/242843/2002-07-27/2002-08-02/2
- Bugtraq: 20011129 RE: def-2001-32 - Allaire JRun directory browsing vulnerability, http://online.securityfocus.com/archive/1/243203
- Bugtraq: 20011203 Allaire JRun ACL bypassing/source disclosure vulnerability, http://www.securityfocus.com/archive/1/243636
- http://www.iss.net/security_center/static/7623.php

Copyright: Copyright (C) 2005 Felix Huber