CVE-2002-1451
CVSS5.0
发布时间 :2002-08-24 00:00:00
修订时间 :2008-09-05 16:30:38
NMCOES    

[原文]Blazix before 1.2.2 allows remote attackers to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a (1) "+" or (2) "\" (backslash) character.


[CNNVD]Blazix特殊字符处理源代码泄露漏洞(CNNVD-200208-248)

        
        Blazix是一款免费开放源代码的由JAVA编写的WEB服务程序,可使用在Linux和Microsoft Windows操作系统下。
        Blazix没有很正确的处理包含特殊字符的请求,远程攻击者可以利用这个漏洞获得.jsp脚本的源代码。
        Blazix的API在打开文件时对文件名中包含的特殊字符'+'和'\'(不是%2b和%5c)没有进行正确的解析,攻击者可以在请求的.jsp脚本文件名后追加'+'或者'\'字符,可导致获得脚本的源代码信息,其中可能包含部分密码等敏感信息。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:desiderata_software:blazix:1.2.1
cpe:/a:desiderata_software:blazix:1.2

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1451
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1451
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200208-248
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/5567
(UNKNOWN)  BID  5567
http://www.securityfocus.com/bid/5566
(VENDOR_ADVISORY)  BID  5566
http://www.iss.net/security_center/static/9952.php
(UNKNOWN)  XF  blazix-unauth-file-access(9952)
http://archives.neohapsis.com/archives/bugtraq/2002-08/0259.html
(UNKNOWN)  BUGTRAQ  20020824 Blazix 1.2 jsp view and free protected folder access

- 漏洞信息

Blazix特殊字符处理源代码泄露漏洞
中危 输入验证
2002-08-24 00:00:00 2005-10-20 00:00:00
远程  
        
        Blazix是一款免费开放源代码的由JAVA编写的WEB服务程序,可使用在Linux和Microsoft Windows操作系统下。
        Blazix没有很正确的处理包含特殊字符的请求,远程攻击者可以利用这个漏洞获得.jsp脚本的源代码。
        Blazix的API在打开文件时对文件名中包含的特殊字符'+'和'\'(不是%2b和%5c)没有进行正确的解析,攻击者可以在请求的.jsp脚本文件名后追加'+'或者'\'字符,可导致获得脚本的源代码信息,其中可能包含部分密码等敏感信息。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * Blazix 1.2.1版本不受此漏洞影响,不过没有得到供应商证实,而且还存在其他的安全问题。建议暂时停止使用Blazix。
        厂商补丁:
        Desiderata Software
        -------------------
        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        
        http://www.blazix.com/

- 漏洞信息 (21751)

Blazix 1.2 Special Character Handling Server Side Script Information Disclosure (EDBID:21751)
multiple remote
2002-08-24 Verified
0 Auriemma Luigi
N/A [点击下载]
source: http://www.securityfocus.com/bid/5566/info

Blazix is a freely available, open source web server written in Java. It is available for Linux and Microsoft Windows operating systems.

When a user passes a request to the web server that ends in either a plus (+) or backslash (\), the web server may react unpredictably. This type of character appended to the name of a .jsp file has been reported to reveal the contents of the .jsp file. 

http://www.example.com/jsptest.jsp+
http://www.example.com/jsptest.jsp\ 		

- 漏洞信息 (21752)

Blazix 1.2 Password Protected Directory Information Disclosure Vulnerability (EDBID:21752)
multiple remote
2002-08-25 Verified
0 Auriemma Luigi
N/A [点击下载]
source: http://www.securityfocus.com/bid/5567/info

Blazix is a freely available, open source web server written in Java. It is available for Linux and Microsoft Windows operating systems.

Blazix does not properly handle some special characters when appended to requests. By passing a special character with a request to the web server, it is possible for a user to gain access to a listing of a password protected directory. This could result in information disclosure, and could potentially be used to gain intelligence in launching an attack against a system. 

http://www.example.com/bugtest+/
http://www.example.com/bugtest\/ 		

- 漏洞信息

10466
Blazix Trailing Character JSP Source Disclosure

- 漏洞描述

Unknown or Incomplete

- 时间线

2002-09-24 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Blazix Password Protected Directory Information Disclosure Vulnerability
Input Validation Error 5567
Yes No
2002-08-25 12:00:00 2009-07-11 03:56:00
Vulnerability discovery credited to Auriemma Luigi <aluigi@pivx.com>.

- 受影响的程序版本

Desiderata Software Blazix 1.2.1
Desiderata Software Blazix 1.2
Desiderata Software Blazix 1.2.2

- 不受影响的程序版本

Desiderata Software Blazix 1.2.2

- 漏洞讨论

Blazix is a freely available, open source web server written in Java. It is available for Linux and Microsoft Windows operating systems.

Blazix does not properly handle some special characters when appended to requests. By passing a special character with a request to the web server, it is possible for a user to gain access to a listing of a password protected directory. This could result in information disclosure, and could potentially be used to gain intelligence in launching an attack against a system.

- 漏洞利用

Contributed by Auriemma Luigi &lt;aluigi@pivx.com&gt;:

http://www.example.com/bugtest+/
http://www.example.com/bugtest\/

- 解决方案

Blazix 1.2.2 is not vulnerable to this issue. Users are advised to upgrade to the newest version of Blazix.


Desiderata Software Blazix 1.2.1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站