CVE-2002-0562
CVSS5.0
发布时间 :2002-07-03 00:00:00
修订时间 :2016-10-17 22:20:37
NMCOS    

[原文]The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.


[CNNVD]Oracle 9iAS OracleJSP泄漏JSP文件信息漏洞(CNNVD-200207-058)

        
        Oracle 9iAS(Application Server)的web服务使用的是Apache Web Server,它提供了多种应用环境,包括SOAP,PL/SQL,XSQL以及JSP。
        Oracle 9iAS的OracleJSP环境中存在一个安全问题,允许远程攻击者获取翻译后的JSP页面的源代码。另外一个问题允许攻击者获取globals.jsa文件的内容。
        当用户向运行OracleJSP的服务器请求一个JSP页面时,该JSP页面会首先被翻译,然后编译、执行,并将执行结果返回给客户端。在此过程中,三个临时文件会被创建。如果请求的JSP页面为"foo.jsp",那三个临时文件就是:
        _foo$__jsp_StaticText.class
        _foo.class
        _foo.java
        它们会被保存在"/_pages"目录下。如果foo.jsp保存在子目录"bar"下,则上述临时文件会保存在"/_pages/_bar"下。由于翻译后的.java文件中包含JSP源代码,而这些文件又都可以直接通过WEB接口访问,攻击者就可能获取一些敏感信息,例如Oracle数据库的用户名和口令。
        另外,如果JSP应用程序使用globals.jsa文件来保存全局设置,攻击者也可以直接访问该文件并获取其内容,如果其中包含一些敏感信息,也同样可能导致较严重的安全问题。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:oracle:application_server:1.0.2Oracle Application Server 9i 1.0.2
cpe:/a:oracle:oracle9i:9.0.1
cpe:/a:oracle:application_server_web_cache:2.0.0.1Oracle Oracle9iAS Web Cache 2.0.0.1
cpe:/a:oracle:application_server_web_cache:2.0.0.0Oracle Oracle9iAS Web Cache 2.0.0.0
cpe:/a:oracle:application_server_web_cache:2.0.0.3Oracle Oracle9iAS Web Cache 2.0.0.3
cpe:/a:oracle:oracle9i:9.0
cpe:/a:oracle:application_server_web_cache:2.0.0.2Oracle Oracle9iAS Web Cache 2.0.0.2

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0562
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0562
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200207-058
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=101301440005580&w=2
(UNKNOWN)  BUGTRAQ  20020206 JSP translation file access under Oracle 9iAS
http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
(VENDOR_ADVISORY)  CONFIRM  http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
http://www.cert.org/advisories/CA-2002-08.html
(VENDOR_ADVISORY)  CERT  CA-2002-08
http://www.kb.cert.org/vuls/id/698467
(UNKNOWN)  CERT-VN  VU#698467
http://www.securityfocus.com/bid/4034
(VENDOR_ADVISORY)  BID  4034

- 漏洞信息

Oracle 9iAS OracleJSP泄漏JSP文件信息漏洞
中危 设计错误
2002-07-03 00:00:00 2005-10-20 00:00:00
远程  
        
        Oracle 9iAS(Application Server)的web服务使用的是Apache Web Server,它提供了多种应用环境,包括SOAP,PL/SQL,XSQL以及JSP。
        Oracle 9iAS的OracleJSP环境中存在一个安全问题,允许远程攻击者获取翻译后的JSP页面的源代码。另外一个问题允许攻击者获取globals.jsa文件的内容。
        当用户向运行OracleJSP的服务器请求一个JSP页面时,该JSP页面会首先被翻译,然后编译、执行,并将执行结果返回给客户端。在此过程中,三个临时文件会被创建。如果请求的JSP页面为"foo.jsp",那三个临时文件就是:
        _foo$__jsp_StaticText.class
        _foo.class
        _foo.java
        它们会被保存在"/_pages"目录下。如果foo.jsp保存在子目录"bar"下,则上述临时文件会保存在"/_pages/_bar"下。由于翻译后的.java文件中包含JSP源代码,而这些文件又都可以直接通过WEB接口访问,攻击者就可能获取一些敏感信息,例如Oracle数据库的用户名和口令。
        另外,如果JSP应用程序使用globals.jsa文件来保存全局设置,攻击者也可以直接访问该文件并获取其内容,如果其中包含一些敏感信息,也同样可能导致较严重的安全问题。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 在边界防火墙或者主机防火墙上限制不可信用户对Oracle Apache web server 80/TCP端口的访问。
        * 编辑$ORACLE_HOME$/apache/apache/conf/httpd.conf文件:
         为了阻止访问globals.jsa文件,增加下列语句:
        
         Order allow,deny
         Deny from all
        

        
         为了阻止访问.java文件,增加下列语句:
        
        
         Order deny,allow
         Deny from all
        

        
         如果JSP文件保存在一个别名目录中(例如不是在"htdocs"的子目录下),那么您必须增加下列语句:
        
        
         Order deny,allow
         Deny from all
        

        
         上面的"dirname"是别名目录的目录名。
        厂商补丁:
        Oracle
        ------
        Oracle已经为此漏洞提供了相应补丁程序,CNNVD建议您随时关注厂商主页以获取相关补丁:
        
        http://metalink.oracle.com

- 漏洞信息

707
Oracle Application Server globals.jsa Database Credential Remote Disclosure
Remote / Network Access
Vendor Verified

- 漏洞描述

- 时间线

2002-02-06 Unknow
Unknow Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Oracle 9IAS OracleJSP Information Disclosure Vulnerability
Design Error 4034
Yes No
2002-02-06 12:00:00 2009-07-11 09:56:00
This issue was publicized in a NGSSoftware Insight Security Research Advisory on February 6th, 2002.

- 受影响的程序版本

Stonesoft StoneBeat GUI 2.0 .0.3
Oracle Oracle9i Standard Edition 9.0.1
Oracle Oracle9i Standard Edition 9.0
Oracle Oracle9i Application Server Web Cache 2.0 .0.3
- Oracle Oracle9i Application Server
Oracle Oracle9i Application Server Web Cache 2.0 .0.2
- Oracle Oracle9i Application Server
Oracle Oracle9i Application Server Web Cache 2.0 .0.1
- Oracle Oracle9i Application Server
Oracle Oracle9i Application Server Web Cache 2.0 .0.0
- Oracle Oracle9i Application Server
Oracle Oracle9i Application Server
- Compaq Tru64 5.1
- Compaq Tru64 5.0 f
- Compaq Tru64 5.0 a
- Compaq Tru64 5.0
- Compaq Tru64 4.0 g
- HP HP-UX 11.11
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.34
- HP HP-UX 10.30
- HP HP-UX 10.26
- HP HP-UX 10.20
- HP HP-UX 10.16
- HP HP-UX 10.10
- HP HP-UX 10.9
- HP HP-UX 10.8
- HP HP-UX 10.1 0
- HP HP-UX 10.0 1
- HP HP-UX 10.0
- HP HP-UX 9.10
- HP HP-UX 9.9
- HP HP-UX 9.8
- HP HP-UX 9.7
- HP HP-UX 9.6
- HP HP-UX 9.5
- HP HP-UX 9.4
- HP HP-UX 9.3
- HP HP-UX 9.1
- HP HP-UX 9.0
- HP HP-UX 8.9
- HP HP-UX 8.8
- HP HP-UX 8.7
- HP HP-UX 8.6
- HP HP-UX 8.5
- HP HP-UX 8.4
- HP HP-UX 8.2
- HP HP-UX 8.1
- HP HP-UX 8.0
- HP HP-UX 7.8
- HP HP-UX 7.6
- HP HP-UX 7.4
- HP HP-UX 7.2
- HP HP-UX 7.0
- IBM AIX 4.3.3
- IBM AIX 4.3.2
- IBM AIX 4.3.1
- IBM AIX 4.3
- IBM AIX 4.2.1
- IBM AIX 4.2
- IBM AIX 4.1.5
- IBM AIX 4.1.4
- IBM AIX 4.1.3
- IBM AIX 4.1.2
- IBM AIX 4.1.1
- IBM AIX 4.1
- IBM AIX 4.0
- IBM AIX 3.2.5
- IBM AIX 3.2.4
- IBM AIX 3.2
- IBM AIX 3.1
- IBM AIX 3.0 x
- IBM AIX 2.2.1
- IBM AIX 1.3
- IBM AIX 1.2.1
- IBM AIX 5.1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1
- Sun Solaris 1.1.4 -JL
- Sun Solaris 1.1.4
- Sun Solaris 1.1.3 _U1
- Sun Solaris 1.1.3
- Sun Solaris 1.1.2
- Sun Solaris 1.1.1
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Sun Solaris 2.6_x86HW5/98
- Sun Solaris 2.6_x86HW3/98
- Sun Solaris 2.6_x86
- Sun Solaris 2.6 HW5/98
- Sun Solaris 2.6 HW3/98
- Sun Solaris 2.6
- Sun Solaris 2.5_x86
- Sun Solaris 2.5
- Sun Solaris 2.4_x86
- Sun Solaris 2.4
- Sun Solaris 2.3
- Sun Solaris 2.2
- Sun Solaris 2.1
- Sun Solaris 2.0
- Sun Solaris 1.2
- Sun Solaris 1.1

- 漏洞讨论

The Oracle 9iAS web service is powered by the Apache webserver. Included is support for delivery of JSP pages.

Three files are created when a user requests a JSP page from a server running OracleJSP. These files contain potentially sensitive information. For example, if a file was named file.jsp, the naming convention for the files is as follows:

_file$__jsp_StaticText.class
_file.class
_file.java

These files are stored in the /_pages directory tree. The problem is that .java file contains source code and may be accessed by arbitrary web users. This may result in the disclosure of database authentication credentials to any user who can guess the path to the untranslated .java file, in addition to disclosing other types of potentially sensitive information.

Furthermore, globals.jsa files may be accessed in this manner, also potentially disclosing sensitive information to remote attackers.

- 漏洞利用

This issue may be exploited with a web browser.

- 解决方案

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.


Oracle Oracle9i Application Server

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站