CVE-2000-1224
Published 2000-11-23
Priority: P4 · 21 · medium · 5 · CVSS 2.0
CVSS vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 2.86% (85.0th percentile)
Caucho Technology Resin 1.2 and possibly earlier allows remote attackers to view JSP source via an HTTP request to a .jsp file with certain characters appended to the file name, such as (1) "..", (2) "%2e..", (3) "%81", (4) "%82", and others.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| caucho_technology | resin | — | — |
| caucho_technology | resin | — | — |
No detection rules found.
Exploit-DB
Caucho Technology Resin 1.2 - JSP Source Disclosure
exploitdb·2000-11-23
CVE-2000-1224 Caucho Technology Resin 1.2 - JSP Source Disclosure
---
source: https://www.securityfocus.com/bid/1986/info
Resin is a servlet and JSP engine that supports Java and JavaScript.
ServletExec will return the source code of JSP files when an HTTP request is appended with certain characters. This vulnerability is dependent on the platform that Resin is running on.
Successful exploitation could lead to the disclosure of sensitive information contained within JSP pages.
Apache (Win32):
..
%2e..
%81
%82
Example: http://target/filename.jsp%81
Resin Web Server:
../
Example: http://target/filename.jsp../
IIS 5 requesting the URL encoded with ASCII:
'%2' instead of '.'
Example: http://target/filename%2ejsp
Exploit-DB
Microsoft Internet Explorer 4.0/5.0/5.5 preview/5.0.1 - DocumentComplete() Cross Frame Access
exploitdb·2000-05-17
CVE-2000-0465 Microsoft Internet Explorer 4.0/5.0/5.5 preview/5.0.1 - DocumentComplete() Cross Frame Access
---
source: https://www.securityfocus.com/bid/1224/info
The DocumentComplete() function in IE does not properly validate origin domains.
Therefore, it is possible for a remote webserver to gain read access to local files on the machine of any website visitor or email recipient by accessing the browser object of a frame containing local content. Only files that can be opened by a browser window (e.g. *.htm, *.js, *.txt, etc.) are viewable, and the path and name of the file must be known by the attacker.
Update (May 16, 2001): A new variant of this vulnerability has been discovered. Microsoft has released a new patch to address all known variants of this vulnerability.
alert (browser.document.bod
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=97502269408279&w=2
http://www.securityfocus.com/archive/1/146770
http://www.securityfocus.com/bid/1986
https://exchange.xforce.ibmcloud.com/vulnerabilities/5568
Published: 2000-11-23