_JSP技巧_黑客防线网安服务器维护基地--Powered by WWW.RONGSEN.COM.CN


作者:黑客防线网安JSP教程基地 来源:黑客防线网安JSP教程基地 浏览次数:0

bugtraq id 1328
  class Design Error
  cve CVE-2000-0499
  remote Yes
  local Yes
  published June 08, 2000
  updated November 10, 2000
  vulnerable BEA Systems Weblogic 4.5.1
  - Microsoft Windows NT 4.0
  BEA Systems Weblogic 4.0.4
  - Microsoft Windows NT 4.0
  BEA Systems Weblogic 3.1.8
  - Microsoft Windows NT 4.0
  IBM Websphere Application Server 3.0.21
  - Sun Solaris 8.0
  - Microsoft Windows NT 4.0
  - Linux kernel 2.3.x
  - IBM AIX 4.3
  Unify eWave ServletExec 3.0
  - Sun Solaris 8.0
  - Microsoft Windows 98
  - Microsoft Windows NT 4.0
  - Microsoft Windows NT 2000
  - Linux kernel 2.3.x
  - IBM AIX 4.3.2
  - HP HP-UX 11.4
  Many webservers are case-sensitive, but do not have all possible combinations of cases in mapped extensions mapped properly.
  By changing the letters in a JSP or a JHTML file extension from lower case to upper case (eg: .jsp or .jhtml becomes .JSP or .JHTML) in a URL the server does not recognize the file extension and sends the file normally. In that manner, a user is able to access the source code to those specific files.
网站维护教程更新时间:2012-04-07 00:43:19  【打印此页】  【关闭
我要申请本站N点 | 黑客防线官网 |  

footer  footer  footer  footer