Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1054 |
Message | WEB-MISC weblogic/tomcat .jsp view source attempt |
Summary | Someone attempted to gain unauthorized access to web application source code through a BEA WebLogic Server or Apache Tomcat JSP vulnerability. |
Impact | An attacker may have been able to read the source code of a web application. Web application source code sometimes contains highly sensitive information, such as database passwords and details of backend setups. This could be a prelude to further attacks. |
Detailed Information | Some versions of BEA WebLogic and Apache Tomcat web servers contain vulnerabilities that can allow an attacker to read the source code to web applications. |
Affected Systems | |
Attack Scenarios | An attacker sends a simple URL like the following: http://www.example.com/index.js%70 |
Ease of Attack | Very simple handcrafted URL. |
Corrective Action | Examine the packet to see whether a web request was being made. Try to determine which file was requested, and determine from the web server's configuration whether the request was a threat (e.g., whether the requested file even existed and whether the web server was vulnerable to such attacks). |
Additional References | |
Rule References | bugtraq: 2527 |
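The triage described under Corrective Action can be run over web server access logs. The following is an added example, not part of the rule documentation or of Aanval: it flags requests whose file extension only becomes `.jsp` after percent-decoding (the `index.js%70` form above, generalized to any encoded character in the name) and records the response status so the analyst can see whether the server answered. The function names, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Combined log format: client ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.jsp HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /index.js%70 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /missing.js%70 HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /static/app.js HTTP/1.1" 200 900',
]

def encoded_jsp_extension(target):
    """True when the last path segment ends in .jsp only after decoding,
    i.e. the request did not name the .jsp file literally."""
    raw_path = urlsplit(target).path           # still percent-encoded
    segment = raw_path.rsplit("/", 1)[-1]
    decoded = unquote(segment)
    return (decoded.lower().endswith(".jsp")
            and not segment.lower().endswith(".jsp"))

def triage(log_lines):
    """Return one record per suspicious request, in log order."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue                           # not a parsable request line
        client, _method, target, status = m.groups()
        if encoded_jsp_extension(target):
            hits.append({
                "client": client,
                "target": target,
                "decoded": unquote(urlsplit(target).path),
                # 200 means the server answered; the response body must
                # still be inspected to see whether JSP source was returned.
                "served": status == "200",
            })
    return hits

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
```

A record with `served` set to false (for example a 404) corresponds to the "requested file did not exist" case in Corrective Action.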
--