暴露源代码漏洞

bugtraq id 1328 class Design Error cve CVE-2000-0499 remote Yes local Yes published June 08, 2000 updated November 10, 2000 vulnerable BEA Systems Weblogic 4.5.1- Microsoft Windows NT 4.0BEA Systems Weblogic 4.0.4- Microsoft Windows NT 4.0BEA Systems Weblogic 3.1.8- Microsoft Windows NT 4.0IBM Websphere Application Server 3.0.21- Sun Solaris 8.0- Microsoft Windows NT 4.0- Linux kernel 2.3.x- IBM AIX 4.3Unify eWave ServletExec 3.0- Sun Solaris 8.0- Microsoft Windows 98- Microsoft Windows NT 4.0- Microsoft Windows NT 2000- Linux kernel 2.3.x- IBM AIX 4.3.2- HP HP-UX 11.4Many webservers are case-sensitive, but do not have all possible combinations of cases in mapped extensions mapped properly. By changing the letters in a JSP or a JHTML file extension from lower case to upper case (eg: .jsp or .jhtml becomes .JSP or .JHTML) in a URL the server does not recognize the file extension and sends the file normally. In that manner, a user is able to access the source code to those specific files.