Vulnerabilities > CVE-2002-0300 - Unspecified vulnerability in Gnujsp 1.0.0/1.0.1

047910
CVSS v2 base score 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
gnujsp
nessus
exploit available

Summary

gnujsp 1.0.0 and 1.0.1 allow remote attackers to list directories, read the source code of certain scripts, and bypass access restrictions by requesting the target file directly from the gnujsp servlet; the servlet does not work around a limitation of JServ and does not process the requested file.

Vulnerable Configurations

Part Description Count
Application
Gnujsp
2

Exploit-Db

description: GNUJSP 1.0 File Disclosure Vulnerability. CVE-2002-0300. Remote exploit for multiple platforms
id: EDB-ID:21295
last seen: 2016-02-02
modified: 2002-02-19
published: 2002-02-19
reporter: Thomas Springer
source: https://www.exploit-db.com/download/21295/
title: GNUJSP 1.0 File Disclosure Vulnerability

Nessus

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-114.NASL
description: Thomas Springer found a vulnerability in GNUJSP, a Java servlet that allows you to insert Java source code into HTML files. The problem can be used to bypass access restrictions in the web server. An attacker can view the contents of directories and download files directly rather than receiving their HTML output. This means that the source code of scripts could also be revealed. The problem was fixed by Stefan Gybas, who maintains the Debian package of GNUJSP. It is fixed in version 1.0.0-5 for the stable release of Debian GNU/Linux. The versions in testing and unstable are the same as the one in stable, so they are vulnerable, too. Because the package is architecture independent, you can install the fixed version this advisory refers to on these systems to solve the problem.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 14951
published: 2004-09-29
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/14951
title: Debian DSA-114-1 : gnujsp - unauthorized file access
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-114. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

# Registration phase: when the scanner sets `description`, this block only
# declares the plugin's metadata and then exits (see exit(0) at the end), so
# none of the package checks further down run in this mode.
if (description)
{
  # Plugin identity and revision bookkeeping.
  script_id(14951);
  script_version("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:16");

  # Cross-references: the CVE being detected and the Debian advisory (DSA-114)
  # the package check is derived from.
  script_cve_id("CVE-2002-0300");
  script_xref(name:"DSA", value:"114");

  script_name(english:"Debian DSA-114-1 : gnujsp - unauthorized file access");
  # The detection method is a package-version comparison on dpkg output, not a
  # request against the gnujsp servlet itself.
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  # NOTE(review): the advisory text below contains "rather then" (sic, for
  # "rather than"). It is a runtime string shown in scan reports, so it is left
  # byte-for-byte as in the original.
  script_set_attribute(
    attribute:"description", 
    value:
"Thomas Springer found a vulnerability in GNUJSP, a Java servlet that
allows you to insert Java source code into HTML files. The problem can
be used to bypass access restrictions in the web server. An attacker
can view the contents of directories and download files directly
rather then receiving their HTML output. This means that the source
code of scripts could also be revealed.

The problem was fixed by Stefan Gybas, who maintains the Debian
package of GNUJSP. It is fixed in version 1.0.0-5 for the stable
release of Debian GNU/Linux.

The versions in testing and unstable are the same as the one in stable
so they are vulnerable, too. You can install the fixed version this
advisory refers to on these systems to solve the problem as this
package is architecture independent."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2002/dsa-114"
  );
  # The description above names 1.0.0-5 as the fixed package version.
  script_set_attribute(
    attribute:"solution", 
    value:"Upgrade the gnujsp package immediately."
  );
  # CVSS v2 vector: network-reachable, low complexity, no authentication,
  # partial confidentiality impact, no integrity or availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");

  # "local" plugin type: the result comes from package data collected on the
  # host. A finding therefore says a vulnerable gnujsp package is installed;
  # it does not show whether the servlet is configured or reachable.
  script_set_attribute(attribute:"plugin_type", value:"local");
  # CPEs for the affected package and the Debian release (2.2) this check covers.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gnujsp");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2002/02/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_end_attributes();

  # ACT_GATHER_INFO: registered as an information-gathering check.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  # Depends on ssh_get_info.nasl and on the knowledge-base keys listed here;
  # presumably that dependency is what populates them during a credentialed
  # scan -- confirm against ssh_get_info.nasl.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


# Preconditions: local checks enabled, a Debian release recorded, and a dpkg
# package list available in the knowledge base. When one is missing the plugin
# audits out with the matching reason; read that as "host not assessed by this
# check", not as evidence that gnujsp is patched.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release"))
  audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l"))
  audit(AUDIT_PACKAGE_LIST_MISSING);


# DSA-114: on Debian 2.2 the gnujsp package is checked against 1.0.0-5, the
# fixed version named in the advisory. The comparison itself lives in
# debian_package.inc (deb_check); only release 2.2 is covered here.
outdated_pkgs = 0;
if (deb_check(release:"2.2", prefix:"gnujsp", reference:"1.0.0-5"))
  outdated_pkgs = outdated_pkgs + 1;

if (outdated_pkgs == 0)
{
  audit(AUDIT_HOST_NOT, "affected");
}
else
{
  # Attach the package report from deb_report_get() only when the scan's
  # report verbosity is above zero; otherwise raise the bare warning.
  if (report_verbosity > 0)
    security_warning(port:0, extra:deb_report_get());
  else
    security_warning(0);
  exit(0);
}