Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Oracle Jserv Executes outside of doc_root

Information

Severity

Severity

High

Family

Family

Web Servers

CVSSv2 Base

CVSSv2 Base

7.5

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

18 years ago

Modified

Modified

5 years ago

Summary

Detects Vulnerability in the execution of JSPs outside doc_root.

Insight

Insight

A potential security vulnerability has been discovered in Oracle JSP releases 1.0.x through 1.1.1 (in Apache/Jserv). This vulnerability permits access to and execution of unintended JSP files outside the doc_root in Apache/Jserv. For example, accessing: http://www.example.com/a.jsp//..//..//..//..//..//../b.jsp will execute b.jsp outside the doc_root instead of a.jsp if there is a b.jsp file in the matching directory. Further, Jserv Releases 1.0.x - 1.0.2 have additional vulnerability: Due to a bug in Apache/Jserv path translation, any URL that looks like: http://example.com:port/servlets/a.jsp, makes Oracle JSP execute 'd:\servlets\a.jsp' if such a directory path actually exists. Thus, a URL virtual path, an actual directory path and the Oracle JSP name (when using Oracle Apache/JServ) must match for this potential vulnerability to occur.

Affected Software

Affected Software

Oracle8i Release 8.1.7, iAS Release version 1.0.2 Oracle JSP, Apache/JServ Releases version 1.0.x - 1.1.1

Solution

Solution

Upgrade to OJSP Release 1.1.2.0.0, available on Oracle Technology Network's OJSP web site.

Common Vulnerabilities and Exposures (CVE)