|
马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。
您需要 登录 才可以下载或查看,没有帐号?立即注册
x
市场分额,java比asp高一点,因为C#是仿照java开发的,所以哦C#能做的java都能做到,但是java能做的,C#不一定都能做到。毕竟是抄袭吗。web|源代码
bugtraqid1500
classAccessValidationError
cveGENERIC-MAP-NOMATCH
remoteYes
localYes
publishedJuly24,2000
updatedJuly24,2000
vulnerableIBMWebsphereApplicationServer3.0.21
-SunSolaris8.0
-MicrosoftWindowsNT4.0
-Linuxkernel2.3.x
-IBMAIX4.3
IBMWebsphereApplicationServer3.0
-SunSolaris8.0
-NovellNetware5.0
-MicrosoftWindowsNT4.0
-Linuxkernel2.3.x
-IBMAIX4.3
IBMWebsphereApplicationServer2.0
-SunSolaris8.0
-NovellNetware5.0
-MicrosoftWindowsNT4.0
-Linuxkernel2.3.x
-IBMAIX4.3
CertainversionsoftheIBMWebSphereapplicationservershipwithavulnerabilitywhichallowsmalicioususerstoviewthesourceofanydocumentwhichresidesinthewebdocumentrootdirectory.
Thisispossibleviaaflawwhichallowsadefaultservlet(differentservletsareusedtoparsedifferenttypesofcontent,JHTML,HTMl,JSP,etc.)Thisdefaultservletwilldisplaythedocument/pagewithoutparsing/compilingithenceallowingthecodetobeviewedbytheenduser.
TheFoundstone,Inc.advisorywhichcoveredthisproblemdetailedthefollowingmethodofverifyingthevulnerability-fulltextofthisadvisoryisavailableintheCreditsectionofthisentry:
"Itiseasytoverifythisvulnerabilityforagivensystem.Prefixingthepathtowebpageswith"/servlet/file/"intheURLcausesthefiletobedisplayedwithoutbeing
parsedorcompiled.ForexampleiftheURLforafile"login.jsp"is:
http://site.running.websphere/login.jsp
thenaccessing
http://site.running.websphere/servlet/file/login.jsp
wouldcausetheunparsedcontentsofthefiletoshowupinthewebbrowser."
java主要分三块,j2se:java的基础核心语言。j2me:java的微型模块,专门针对内存小,没有持续电源等小型设备。j2ee:java的企业模块,专门针对企业数据库服务器的连接维护。 |
|