House of Fusion
Search over 2,500 ColdFusion resources here
  
Home of the ColdFusion Community

Mailing Lists
Home /  Groups /  ColdFusion Server (CF-Server)

/servlet/

  << Previous Post |  RSS |  Sort Oldest First |  Sort Latest First |  Subscribe to this Group Next >> 
Top  |   Reply  |   Original Post  |   RSS Feed  |   Subscribe to this Group
Author:
Steve K
03/24/2004 02:12 PM

We are running CFMX on 2003web and if you hit www.domainname.com/servlet you get a generic cf error even though this directory is not there.  Is there a way to disable this undocumented feature in MX so iis will return a 404. Steve

Top  |   Parent  |   Reply  |   Original Post  |   RSS Feed  |   Subscribe to this Group
Author:
Mike Townend
03/25/2004 05:53 AM

We'd like some info on this too, when we do a nessus check we get the following vulnrabilities Nessus scan revealed the following Vulnerabilities, server setup TYAN S2466 1Gb ECC Memory Debian Linux (testing) apache2-mpm-worker 2.0.48-7 ColdFusion 6.1 ServletExec has a servlet called 'UploadServlet' in its server side classes. UploadServlet, when invokable, allows an attacker to upload any file to any directory on the server. The uploaded file may have code that can later be executed on the server, leading to remote command execution. Solution : Remove it Risk factor : Serious CVE : CVE-2000-1024 BID : 1876€ ServletExec has a servlet called 'UploadServlet' in its server side classes. UploadServlet, when invokable, allows an attacker to upload any file to any directory on the server. The uploaded file may have code that can later be executed on the server, leading to remote command execution. Solution : Remove it Risk factor : Serious CVE : CVE-2000-1024 BID : 1876€ We are running CFMX on 2003web and if you hit www.domainname.com/servlet you get a generic cf error even though this directory is not there.  Is there a way to disable this undocumented feature in MX so iis will return a 404. Steve   _____  

Top  |   Parent  |   Reply  |   Original Post  |   RSS Feed  |   Subscribe to this Group
Author:
Mike Townend
03/25/2004 12:06 PM

bit of a cut a paste over zealousness there... the second vulnerability should have read: The 'bboard' servlet is installed in /servlet/sunexamples.BBoardServlet. This servlet has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon (root or nobody). Solution : remove it. Risk factor : Serious CVE : CAN-2000-0629 BID : 1459

Top  |   Parent  |   Reply  |   Original Post  |   RSS Feed  |   Subscribe to this Group
Author:
Steve K
03/25/2004 12:29 PM

Thats the same reason we are trying to disable it!  The only workaround I can this of is to make a empty virtual directory in the webserver if there is no way to disable it in CF. Tim, give this link a try http://practicematch.com/servlet  it will do the same thing as our servers Steve   We'd like some info on this too, when we do a nessus check we get the   following vulnrabilities   Nessus scan revealed the following Vulnerabilities,   server setup   TYAN S2466   1Gb ECC Memory   Debian Linux (testing)   apache2-mpm-worker 2.0.48-7   ColdFusion 6.1   ServletExec has a servlet called 'UploadServlet' in its server   side classes. UploadServlet, when invokable, allows an   attacker to upload any file to any directory on the server. The   uploaded file may have code that can later be executed on the   server, leading to remote command execution.   Solution : Remove it   Risk factor : Serious   CVE : CVE-2000-1024   BID : 1876?   ServletExec has a servlet called 'UploadServlet' in its server   side classes. UploadServlet, when invokable, allows an   attacker to upload any file to any directory on the server. The   uploaded file may have code that can later be executed on the   server, leading to remote command execution.   Solution : Remove it   Risk factor : Serious   CVE : CVE-2000-1024   BID : 1876?   We are running CFMX on 2003web and if you hit www.domainname.com/servlet you   get a generic cf error even though this directory is not there.  Is there a   way to disable this undocumented feature in MX so iis will return a 404.   Steve     _____

Top  |   Parent  |   Reply  |   Original Post  |   RSS Feed  |   Subscribe to this Group
Author:
Mike Townend
03/25/2004 12:52 PM

copy paste error, the second vulnerability should read... The 'bboard' servlet is installed in /servlet/sunexamples.BBoardServlet. This servlet has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon (root or nobody). Solution : remove it. Risk factor : Serious CVE : CAN-2000-0629 BID : 1459 We'd like some info on this too, when we do a nessus check we get the following vulnrabilities Nessus scan revealed the following Vulnerabilities, server setup TYAN S2466 1Gb ECC Memory Debian Linux (testing) apache2-mpm-worker 2.0.48-7 ColdFusion 6.1 ServletExec has a servlet called 'UploadServlet' in its server side classes. UploadServlet, when invokable, allows an attacker to upload any file to any directory on the server. The uploaded file may have code that can later be executed on the server, leading to remote command execution. Solution : Remove it Risk factor : Serious CVE : CVE-2000-1024 BID : 1876€ ServletExec has a servlet called 'UploadServlet' in its server side classes. UploadServlet, when invokable, allows an attacker to upload any file to any directory on the server. The uploaded file may have code that can later be executed on the server, leading to remote command execution. Solution : Remove it Risk factor : Serious CVE : CVE-2000-1024 BID : 1876€ We are running CFMX on 2003web and if you hit www.domainname.com/servlet you get a generic cf error even though this directory is not there.  Is there a way to disable this undocumented feature in MX so iis will return a 404. Steve   _____   _____  

Top  |   Reply  |   Original Post  |   RSS Feed  |   Subscribe to this Group
Author:
Raster, Tim
03/25/2004 12:03 PM

If you're getting a CF error, then CF is finding something somewhere to run.  That's hardly an undocumented feature. Do you perhaps have a page set in your CF config to run when documents are not found, and that script has errors in it?  Look in your CF admin screen for something under there.  Also, turn debugging on so you can see which script is barfing.  Then you'll have a better idea of which script is complaining, and therefore which script is running. We are running CFMX on 2003web and if you hit www.domainname.com/servlet you get a generic cf error even though this directory is not there.  Is there a way to disable this undocumented feature in MX so iis will return a 404. Steve   _____  

Top  |   Reply  |   Original Post  |   RSS Feed  |   Subscribe to this Group
Author:
Dave Watts
03/25/2004 12:43 PM

> We'd like some info on this too, when we do a nessus check we > get the following vulnrabilities > > Nessus scan revealed the following Vulnerabilities, > > ServletExec has a servlet called 'UploadServlet' ... Unless you've installed ServletExec, you don't have to worry about ServletExec functionality or vulnerabilities. In my relatively limited experience with Nessus, it tends to overgeneralize about what it finds. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444

Top  |   Reply  |   Original Post  |   RSS Feed  |   Subscribe to this Group
Author:
Raster, Tim
03/25/2004 12:49 PM

I see what you're talking about, and now I see the undocumented feature. I haven't tried this, but have you tried putting a mapping in place in IIS, so it redirects /servlet to somewhere else, so that CF doesn't even get passed the /servlet path from IIS?  Perhaps to a page that redirects, or a page that returns an error?  IIS should be able to intercept it before CF gets it, I would think. Thats the same reason we are trying to disable it!  The only workaround I can this of is to make a empty virtual directory in the webserver if there is no way to disable it in CF. Tim, give this link a try http://practicematch.com/servlet  it will do the same thing as our servers Steve   We'd like some info on this too, when we do a nessus check we get the   following vulnrabilities   Nessus scan revealed the following Vulnerabilities,   server setup   TYAN S2466   1Gb ECC Memory   Debian Linux (testing)   apache2-mpm-worker 2.0.48-7   ColdFusion 6.1   ServletExec has a servlet called 'UploadServlet' in its server   side classes. UploadServlet, when invokable, allows an   attacker to upload any file to any directory on the server. The   uploaded file may have code that can later be executed on the   server, leading to remote command execution.   Solution : Remove it   Risk factor : Serious   CVE : CVE-2000-1024   BID : 1876?   ServletExec has a servlet called 'UploadServlet' in its server   side classes. UploadServlet, when invokable, allows an   attacker to upload any file to any directory on the server. The   uploaded file may have code that can later be executed on the   server, leading to remote command execution.   Solution : Remove it   Risk factor : Serious   CVE : CVE-2000-1024   BID : 1876?   We are running CFMX on 2003web and if you hit www.domainname.com/servlet you   get a generic cf error even though this directory is not there.  Is there a   way to disable this undocumented feature in MX so iis will return a 404.   Steve     _____   _____  

Top  |   Reply  |   Original Post  |   RSS Feed  |   Subscribe to this Group
Author:
Mark Woods
03/25/2004 12:53 PM

At 19:14 24/03/2004, you wrote: >We are running CFMX on 2003web and if you hit www.domainname.com/servlet >you get a generic cf error even though this directory is not there.  Is >there a way to disable this undocumented feature in MX so iis will return >a 404. My default-web.xml (in CFusionMX/runtime/servers/default/SERVER-INF/) contains a servlet mapping for the ServletInvoker servlet with a url pattern of "/servlet/*". After commenting this out, IIS returns a 404. AFAIK, most servlet containers contain a servlet mapping like this by default, so any servlets in the servlets directory can be called directly without having to set up a specifc mapping. What I don't understand is how IIS knew not only that a request for /servlet was destined for a servlet container, but it knew which one. There is no servlet virtual directory and I don't recognise any ISAPI filter installed that should do this either. Mark

Top  |   Parent  |   Reply  |   Original Post  |   RSS Feed  |   Subscribe to this Group
Author:
Steve K
03/25/2004 03:53 PM

Thanks, worked perfectly.. exactly what I was looking for but couldn't find. Steve   At 19:14 24/03/2004, you wrote:   >We are running CFMX on 2003web and if you hit www.domainname.com/servlet   >you get a generic cf error even though this directory is not there.  Is   >there a way to disable this undocumented feature in MX so iis will return   >a 404.   My default-web.xml (in CFusionMX/runtime/servers/default/SERVER-INF/)   contains a servlet mapping for the ServletInvoker servlet with a url   pattern of "/servlet/*". After commenting this out, IIS returns a 404.   AFAIK, most servlet containers contain a servlet mapping like this by   default, so any servlets in the servlets directory can be called directly   without having to set up a specifc mapping.   What I don't understand is how IIS knew not only that a request for   /servlet was destined for a servlet container, but it knew which one. There   is no servlet virtual directory and I don't recognise any ISAPI filter   installed that should do this either.   Mark

Top  |   Reply  |   Original Post  |   RSS Feed  |   Subscribe to this Group
Author:
Dave Watts
03/25/2004 01:05 PM

> What I don't understand is how IIS knew not only that a > request for /servlet was destined for a servlet container, > but it knew which one. There is no servlet virtual directory > and I don't recognise any ISAPI filter installed that should > do this either. The ISAPI filter used by CFMX does this. There are several request patterns that it will identify as belonging to CFMX and/or JRun. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444


<< Previous Thread Today's Threads Next Thread >>

Search cf-server

September 23, 2014

<<   <   Today   >   >>
Su Mo Tu We Th Fr Sa
   1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30         

Designer, Developer and mobile workflow conference