Security Issues in the Tomcat web server
Problems with Tomcat Server
A vulnerability has been reported through which an attacker could
learn the full path to the Tomcat web server.
The Tomcat web server is certainly one of the most widely used and highly regarded
in the Java world. This servlet and JSP (Java Server Pages) container
is the reference implementation of these
specifications.
In the present case, the security issue is caused by
the default installation of Tomcat, which includes an
examples directory for users. This directory contains files such as JSPs and servlets.
At this location are two servlets, TroubleShooter
and SnoopServlet, which, in response to a request,
reveal the path of the servlet and JSP container and the operating system
that Tomcat runs on. To solve this problem, it is recommended to remove the files (SnoopServlet.class and TroubleShooter.class) from the directory
"TOMCAT_HOME\webapps\examples\WEB-INF\classes".
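The removal step above can be checked with a short script. This is an added example, not code from the original post or from the Tomcat project: it goes slightly beyond the text by looking under every deployed webapp rather than only `examples`, in case the examples application was copied to another context. The function names and the sample directory tree (including the `HelloWorld.class` filler file) are constructed for illustration.

```python
"""Audit a Tomcat install for the example servlets named in this post."""
import sys
import tempfile
from pathlib import Path

# Class files the post recommends removing (matched case-insensitively,
# because case-insensitive filesystems may store them with different casing).
LEAKY_CLASSES = {"snoopservlet.class", "troubleshooter.class"}


def find_leaky_servlets(tomcat_home):
    """Return sorted paths of the two servlets under any webapp's WEB-INF/classes."""
    webapps = Path(tomcat_home) / "webapps"
    hits = []
    if not webapps.is_dir():
        return hits
    for app in webapps.iterdir():
        classes = app / "WEB-INF" / "classes"
        if classes.is_dir():
            hits += [p for p in classes.rglob("*.class")
                     if p.name.lower() in LEAKY_CLASSES]
    return sorted(hits)


def remove_leaky_servlets(tomcat_home):
    """Delete the class files found and return what was removed."""
    removed = find_leaky_servlets(tomcat_home)
    for path in removed:
        path.unlink()
    return removed


def build_sample_home():
    """Constructed sample tree (not a real install) for trying the audit."""
    home = Path(tempfile.mkdtemp(prefix="tomcat_home_"))
    classes = home / "webapps" / "examples" / "WEB-INF" / "classes"
    classes.mkdir(parents=True)
    for name in ("SnoopServlet.class", "TroubleShooter.class", "HelloWorld.class"):
        (classes / name).write_bytes(b"")
    return home


if __name__ == "__main__":
    home = sys.argv[1] if len(sys.argv) > 1 else build_sample_home()
    for hit in find_leaky_servlets(home):
        print("present:", hit)
```

Run it with the Tomcat installation directory as the only argument; with no argument it runs against the constructed sample tree.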
Exploit:
http://localhost:8080/examples/servlet/SnoopServlet
http://localhost:8080/examples/servlet/TroubleShooter
Servlets differ from applets in that
they basically run on the server and do not have any graphical interface,
since they are entirely controlled by a network service
such as a web server.