Title: Multiple Vendor URL JSP Request Source Code Disclosure Vulnerability
Severity: MODERATE
Description:
BEA Systems WebLogic Server is an enterprise-level web and wireless application server.
Tomcat is the Apache Software Foundation's servlet and JavaServer Pages (JSP) container. It can run behind the Apache web server or as a standalone server, and it ships with a built-in web server.
A vulnerability exists in both applications that would enable an attacker to view the source code of JSP files.
The problem lies in how each built-in web server decodes a requested URL. The decision whether a path names a JSP to be executed or a static file to be served is taken before percent-encoded characters in the filename are decoded. A URL that contains an encoded form of a character in a script's filename therefore does not match the JSP handler, is decoded afterwards, and the file it names is served verbatim to the client. In this situation the web server makes no distinction between static 'content' files and the scripts it is meant to execute, so an attacker can read the contents of those scripts.
One instance of this behaviour is a request whose filename uses the encoded value '%70' in place of the 'p' character: for example, an attacker requests index.js%70 instead of index.jsp.
The target web server, upon receiving this request, interprets the URL incorrectly and returns the contents of the file rather than the output of the executed JSP page.
Both Tomcat and WebLogic have been reported to reveal the source of the requested JSP using a variant of the '%70' URL.
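As an added illustration (not code from this advisory, from Apache or from BEA), the following Python models the decoding mismatch described above beside a decode-then-dispatch fix, generalises the '%70' example to the other characters of the '.jsp' extension, and scans access-log lines for such probes. The in-memory web root, the stand-in JSP engine and the log lines are all constructed for the example.

```python
import re
import urllib.parse

# Constructed in-memory web root standing in for the server's document
# directory; the JSP source deliberately contains a secret to show what leaks.
WEBROOT = {
    "/index.jsp": (
        '<%@ page import="java.sql.*" %>\n'
        '<% String dbPassword = "s3cret"; %>\n'
        "<html>Hello</html>\n"
    ),
    "/logo.gif": "GIF89a...",
}
JSP_SUFFIX = ".jsp"


def execute_jsp(path):
    # Stand-in for the JSP engine: the real container compiles and runs the
    # page and returns only its output, never the template text.
    return "<html>Hello</html>\n"


def serve_static(path):
    return WEBROOT.get(path, "404 Not Found")


def vulnerable_dispatch(raw_path):
    """Modelled on the advisory: the '*.jsp' mapping is tested against the raw
    request path, but the file lookup uses the percent-decoded path."""
    if raw_path.endswith(JSP_SUFFIX):
        return execute_jsp(raw_path)
    decoded = urllib.parse.unquote(raw_path)  # '/index.js%70' -> '/index.jsp'
    return serve_static(decoded)              # template text leaves the server


def fixed_dispatch(raw_path):
    """Decode once, then make every routing decision on the decoded path."""
    decoded = urllib.parse.unquote(raw_path)
    if decoded.endswith(JSP_SUFFIX):
        return execute_jsp(decoded)
    return serve_static(decoded)


def looks_like_jsp_source(body):
    """Cheap disclosure check: executed JSP output should never contain
    scriptlet or directive delimiters."""
    return "<%" in body


def probe_variants(path, suffix=JSP_SUFFIX):
    """Generalises the advisory's 'index.js%70': percent-encode one character
    of the extension at a time to build request paths for a quick check."""
    if not path.endswith(suffix):
        raise ValueError("path does not end with " + suffix)
    stem, ext = path[: -len(suffix)], path[-len(suffix):]
    return [stem + ext[:i] + "%%%02X" % ord(ch) + ext[i + 1:]
            for i, ch in enumerate(ext)]


# Constructed access-log lines in Common Log Format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Apr/2001:10:01:02 +0000] "GET /index.jsp HTTP/1.0" 200 512
10.0.0.9 - - [12/Apr/2001:10:01:09 +0000] "GET /index.js%70 HTTP/1.0" 200 2048
10.0.0.9 - - [12/Apr/2001:10:01:15 +0000] "GET /admin/login.%6Asp?x=1 HTTP/1.0" 200 3100
10.0.0.5 - - [12/Apr/2001:10:02:00 +0000] "GET /logo.gif HTTP/1.0" 200 800
"""
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) ')


def find_encoded_jsp_requests(log_text):
    """Flag requests whose raw path is not a .jsp but decodes to one: the
    signature of a '%70'-style probe. Returns (client, raw_path) pairs."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, path = m.group(1), m.group(2).split("?", 1)[0]
        decoded = urllib.parse.unquote(path)
        if decoded.lower().endswith(JSP_SUFFIX) and not path.lower().endswith(JSP_SUFFIX):
            hits.append((client, path))
    return hits


if __name__ == "__main__":
    for p in probe_variants("/index.jsp"):
        print(f"{p:16} vulnerable leaks source: {looks_like_jsp_source(vulnerable_dispatch(p))}"
              f"  fixed: {looks_like_jsp_source(fixed_dispatch(p))}")
    print(find_encoded_jsp_requests(SAMPLE_LOG))
```

The fix is to decode the request path exactly once and route on the decoded result; the log scan applies the same decode-and-compare logic to historical traffic, which is the quickest way to tell whether a server was probed before it was patched.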
If successfully exploited, this vulnerability discloses the contents of JSP pages, which may include sensitive information such as embedded credentials, internal paths and application logic. This information may assist in further attacks against the host.
Affected Products:
- Apache Software Foundation Tomcat 3.2.1
- Apache Software Foundation Tomcat 4.0.0
- BEA Systems WebLogic Server 5.1.0
References:
- Apache Software Foundation: Tomcat Homepage
- Oracle: WebLogic Server Product Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.