javax.servlet.jsp.JspTagException: Invalid JSP file %2e%2e/%2e%2e/%2e%2e/%2e/%2e%2e/system/autoexec.ncf


We have deployed a web application in Tomcat 6.0. When we request the URL, we get the following error in the log file. Can you help me find the error?

SEVERE: Servlet.service() for servlet jsp threw exception
    javax.servlet.jsp.JspTagException: Invalid JSP file     %2e%2e/%2e%2e/%2e%2e/%2e%2e/system/autoexec.ncf
    at examples.ShowSource.doEndTag(ShowSource.java:41)
    at org.apache.jsp.jsp.source_jsp._jspService(source_jsp.java:87)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:388)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)     
This URL decodes to

../../../../system/autoexec.ncf

This is probably an attempt to attack your server.
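An added example, not part of the original question or answers: it applies the decoding step described above to Tomcat error lines of the form shown in the question and flags paths that climb out of their starting directory. The sample log lines and all function names are constructed for illustration, and the check goes beyond the single case in the log by also handling double-encoded (`%252e`) and backslash-separated input.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed sample lines (not from the original post), shaped like the
# JspTagException line in the question's log.
PREFIX = "javax.servlet.jsp.JspTagException: Invalid JSP file "
SAMPLE_LOG = [
    PREFIX + "%2e%2e/%2e%2e/%2e%2e/%2e%2e/system/autoexec.ncf",
    PREFIX + "%252e%252e/%252e%252e/conf/app.properties",  # double-encoded
    PREFIX + "pages/index.jsp",                            # benign
    PREFIX + "reports/%2e/summary.jsp",                    # stays inside
]

INVALID_JSP = re.compile(r"Invalid JSP file\s+(\S+)")


def fully_decode(value, max_rounds=5):
    """Percent-decode until stable so double encoding (%252e) is exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def escapes_base(raw_path):
    """True if the decoded path climbs above the directory it starts in."""
    decoded = fully_decode(raw_path).replace("\\", "/").lstrip("/")
    normalized = posixpath.normpath(decoded)
    return normalized == ".." or normalized.startswith("../")


def find_traversal_probes(lines):
    """Return (line_number, raw_path, decoded_path) for each traversal attempt."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = INVALID_JSP.search(line)
        if match and escapes_base(match.group(1)):
            raw = match.group(1)
            hits.append((number, raw, fully_decode(raw)))
    return hits


if __name__ == "__main__":
    for number, raw, decoded in find_traversal_probes(SAMPLE_LOG):
        print(f"line {number}: {raw} -> {decoded}")
```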


This is related to

112119: Novell NetWare 6.0 Tomcat Source.jsp Traversal Arbitrary File Access Risk 4: Netware

The Apache Tomcat server distributed with NetWare 6.0 has a directory traversal vulnerability. As a result, sensitive information can be obtained from the NetWare server, such as the RCONSOLE password located in AUTOEXEC.NCF.

Example:

http://target/examples/jsp/source.jsp?%2e%2e/%2e%2e/%2e%2e/%2e%2e/system/autoexec.ncf

Solution:

Upgrade Tomcat to the latest version, or disable the service if it is not needed. Remove default files from the web server. Also, make sure the RCONSOLE password is encrypted, and use a password-protected screensaver for console access.

CVSS information:

Attack complexity low, confidentiality complete

Created: 2009-12-04

Patch the server.


Can you show us your JSP file?