
Test ID: 1.3.6.1.4.1.25623.1.0.10925
Category: Web Servers
Title: Oracle Jserv Executes outside of doc_root
Summary: Detects vulnerability in the execution of JSPs outside doc_root.
Description:
Summary:
Detects vulnerability in the execution of JSPs outside doc_root.

Vulnerability Insight:
A potential security vulnerability has been discovered in
Oracle JSP releases 1.0.x through 1.1.1 (in Apache/Jserv). This vulnerability permits access
to and execution of unintended JSP files outside the doc_root in Apache/Jserv. For example,
accessing:

http://www.example.com/a.jsp//..//..//..//..//..//../b.jsp

will execute b.jsp outside the doc_root instead of a.jsp if there is a b.jsp file in the
matching directory.

Further, Jserv Releases 1.0.x - 1.0.2 have an additional vulnerability:

Due to a bug in Apache/Jserv path translation, any URL that looks like:

http://example.com:port/servlets/a.jsp,

makes Oracle JSP execute 'd:\servlets\a.jsp' if such a directory path actually exists. Thus,
a URL virtual path, an actual directory path and the Oracle JSP name (when using Oracle Apache/JServ)
must match for this potential vulnerability to occur.
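
As an added example (not part of this test or of Oracle's advisory), the following Python scans constructed access-log lines for the request shape described above: it flags a '..' segment that follows a '.jsp' path component, or any path that climbs above doc_root, after percent-decoding. The log lines, `SAMPLE_LOG` and the `flag_traversal_requests` helper are constructed for the demo.

```python
import re
from urllib.parse import unquote

# Constructed Apache-style access-log lines for the demo (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [16/Feb/2001:10:00:00 +0000] "GET /a.jsp HTTP/1.0" 200 512
10.0.0.5 - - [16/Feb/2001:10:00:01 +0000] "GET /a.jsp//..//..//..//..//..//../b.jsp HTTP/1.0" 200 734
10.0.0.7 - - [16/Feb/2001:10:00:02 +0000] "GET /docs/../index.html HTTP/1.0" 200 1024
10.0.0.9 - - [16/Feb/2001:10:00:03 +0000] "GET /a.jsp/%2e%2e/%2e%2e/b.jsp HTTP/1.0" 200 734
"""

REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def escapes_doc_root(target: str) -> bool:
    """True when the request target matches the pattern the advisory describes.

    Checked after percent-decoding and dropping any query string:
      * a '..' segment appears after a '.jsp' component (JServ path translation
        treated a.jsp as a directory and walked up from it), or
      * the path climbs above the document root at any point.
    Ordinary '..' use inside the tree (e.g. /docs/../index.html) is not flagged.
    """
    path = unquote(target.split("?", 1)[0])
    depth = 0
    seen_jsp = False
    for seg in path.split("/"):
        if seg in ("", "."):          # empty segments come from '//' runs
            continue
        if seg == "..":
            if seen_jsp:
                return True
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
            if seg.lower().endswith(".jsp"):
                seen_jsp = True
    return False


def flag_traversal_requests(log_text: str) -> list:
    """Scan access-log text; return (client_ip, target) for each suspect request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and escapes_doc_root(m.group("target")):
            hits.append((m.group("ip"), m.group("target")))
    return hits
```

On a patched server the same scan is still useful as a low-noise indicator of scanning activity against the JSP engine.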

Affected Software/OS:
Oracle8i Release 8.1.7, iAS Release version 1.0.2

Oracle JSP, Apache/JServ Releases version 1.0.x - 1.1.1

Solution:
Upgrade to OJSP Release 1.1.2.0.0, available on Oracle
Technology Network's OJSP web site.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2001-0307
Bugtraq: 20010216 Vulnerabilities in Bajie Http JServer
http://archives.neohapsis.com/archives/bugtraq/2001-02/0314.html
Copyright: Copyright (C) 2002 Michael Scheidell

© 1998-2025 E-Soft Inc. All rights reserved.