Full path disclosure vulnerability in Sun's Web site

From: J_Bourdeauat_private
Date: Sat Jan 26 2002 - 13:02:31 PST


    Hi,
    
    Three times, I sent a message to Sun's web team about
    a full path disclosure vulnerability they have in their
    website, but without any acknowledgement or correction of
    it.
    
    Sun's website uses .jhtml files. The Java engine computing
    these pages does not handle errors properly and returns the
    full path of the web server when you request a non-existent
    file.
    
    -->
    http://store.sun.com/demo.jhtm 
    <--
    
    Will return this:
    
    -->
    Error getting compiled page
    
    Can't read source file: /eSunfe1/util/sunstore/SSDynamo/html/demo.jhtm
    <--
    
    I first received this error message when I made a typo
    in the URL I was looking for. Requesting a non-existent
    file not managed by the Java engine, so handled by the
    HTTP daemon, will not disclose this information.
    
    (http://store.sun.com/demo.jpg)
    
    Hope Sun will correct this in both their web sites and 
    their Java engine (they surely use their own tools for 
    that!)
    
    Jacques Bourdeau
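
An added example, not part of the original post: a Python check a site operator could run over their own error responses to catch the disclosure described above, where the body contains an absolute filesystem path ending in the requested file name. The function names and the second, clean sample response are constructed for illustration; the first sample is the response quoted in the post.

```python
import posixpath
import re
from urllib.parse import urlsplit

# Absolute Unix-style path with at least one directory, e.g. /a/b/file.ext.
# The lookbehind skips slashes that belong to a URL (scheme, host, URL path).
_ABS_PATH = re.compile(r"(?<![\w:/.])/(?:[\w.+-]+/)+[\w.+-]+")

def leaked_paths(url, body):
    """Return filesystem paths in an error body that the request URL does not explain."""
    req_path = urlsplit(url).path
    name = posixpath.basename(req_path)
    hits = []
    for match in _ABS_PATH.finditer(body):
        candidate = match.group(0)
        if candidate == req_path:
            continue  # the server only echoed the URL path back
        # Disclosure pattern from the post: server directory + requested file name.
        if name and posixpath.basename(candidate) == name:
            hits.append(candidate)
    return hits

def redact(url, body, placeholder="[path removed]"):
    """Replace every leaked path so the error page can be shown or logged safely."""
    for path in leaked_paths(url, body):
        body = body.replace(path, placeholder)
    return body

# Response quoted in the post.
LEAK_URL = "http://store.sun.com/demo.jhtm"
LEAK_BODY = ("Error getting compiled page\n\n"
             "Can't read source file: /eSunfe1/util/sunstore/SSDynamo/html/demo.jhtm")

# Constructed sample: a 404 that only repeats the requested URL path.
CLEAN_URL = "http://shop.example/store/demo.jpg"
CLEAN_BODY = "Not Found: the requested URL /store/demo.jpg was not found on this server."

if __name__ == "__main__":
    for url, body in ((LEAK_URL, LEAK_BODY), (CLEAN_URL, CLEAN_BODY)):
        print(url, "->", leaked_paths(url, body) or "no path disclosed")
    print(redact(LEAK_URL, LEAK_BODY))
```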
    


