Orion Application Server JSP source code disclosure (HTTP_Orion_JSP_SourceRead)

About this signature or vulnerability

Proventia Network IPS, RealSecure Desktop, BlackICE Server Protection, BlackICE PC Protection, RealSecure Network, RealSecure Server Sensor, Proventia Network IDS, Proventia Desktop, Proventia-G 1.1 and earlier, Proventia Network MFS, IBM Security Server Protection for Windows, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware:

This signature detects a URL ending with the file name extension ".jsp " (.jsp followed by a space).


False positives

Proventia Network IPS, RealSecure Network, RealSecure Server Sensor, Proventia Network IDS, Proventia Desktop, Proventia-G 1.1 and earlier, Proventia Network MFS, IBM Security Server Protection for Windows, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware: Blocking should not be enabled unless you have a vulnerable server.

Default risk level

Low

Sensors that have this signature

Proventia Network IPS: XPU 1.90, RealSecure Desktop: epw, BlackICE Server Protection: 3.6.cpw, BlackICE PC Protection: 3.6cpw, RealSecure Network: XPU 24.51, RealSecure Server Sensor: XPU 24.51, Proventia Network IDS: XPU 24.51, Proventia Desktop: 1910, Proventia-G 1.1 and earlier: XPU 24.51, Proventia Network MFS: XPU 1.90, IBM Security Server Protection for Windows: 1.0.914.1910, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Server IPS for Linux technology: 1.90, Virtual Server Protection for Vmware: 1.0

Systems affected

Orion Server Orion Application Server: 2.0.5, Orion Server Orion Application Server: 2.0.6

Type

Suspicious Activity

Vulnerability description

Orion Application Server could allow a remote attacker to obtain sensitive information. If an attacker requests a known JavaServer Pages (JSP) file with "dot" and "space" characters appended to the file extension, the server returns the file's source code instead of executing the page, exposing any credentials, database connection strings, or application logic it contains.
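The following added example (not part of this signature page or of the Orion product) shows the detection logic the signature text describes, run over a handful of constructed HTTP request lines. It generalises slightly beyond the ".jsp followed by a space" wording above: it percent-decodes the request path first (an attacker would normally send the trailing space as %20 and may encode the dot as %2e) and flags any path whose ".jsp" extension is followed only by dots and spaces, which also covers the "dot and space" form in the vulnerability description. The request lines, function names, and regular expression are this example's own assumptions.

```python
"""Flag HTTP requests for JSP files with trailing dot/space characters.

Added example: a minimal version of the detection described by the
HTTP_Orion_JSP_SourceRead signature, not vendor code.
"""
import re
from urllib.parse import unquote

# Lenient request-line parser: the target is matched non-greedily so that a
# raw, unencoded trailing space in the target is kept rather than treated as
# the separator before the HTTP version.
REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>.+?) HTTP/\d\.\d$")

# ".jsp" followed by one or more dots/spaces and nothing else (case-insensitive
# because the path is lower-cased before matching).
TRAILING_JSP = re.compile(r"\.jsp[. ]+$")

# Constructed sample request lines for this example (not real traffic).
SAMPLE_REQUESTS = [
    "GET /index.jsp HTTP/1.1",             # normal request: no alert
    "GET /index.jsp%20 HTTP/1.1",          # ".jsp " with encoded trailing space
    "GET /admin/login.jsp.%20 HTTP/1.1",   # ".jsp. " dot and space appended
    "GET /index.jsp%2e%20 HTTP/1.1",       # same, with the dot percent-encoded
    "GET /index.jsp  HTTP/1.1",            # raw unencoded trailing space
    "GET /index.jsp?id=1 HTTP/1.1",        # query string: path itself is clean
    "GET /styles.css%20 HTTP/1.1",         # trailing space, but not a JSP file
]


def request_path(target):
    """Strip query and fragment from the request target and percent-decode it."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    return unquote(path)


def is_jsp_source_read(request_line):
    """True if the request path ends in .jsp followed only by dots/spaces."""
    match = REQUEST_LINE.match(request_line)
    if not match:
        return False
    path = request_path(match.group("target")).lower()
    return TRAILING_JSP.search(path) is not None


def scan(request_lines):
    """Return the request lines that match the signature pattern."""
    return [line for line in request_lines if is_jsp_source_read(line)]


if __name__ == "__main__":
    for hit in scan(SAMPLE_REQUESTS):
        print("HTTP_Orion_JSP_SourceRead:", hit)
```

A match only indicates a request shaped like the disclosure attempt; as the False positives section notes, the page advises alerting rather than blocking unless the server behind the sensor is actually a vulnerable Orion release.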

How to remove this vulnerability

Upgrade to the latest version of Orion Application Server (2.0.7 or later), available from the Orion Web site. See References.

References

Secunia Research 23/03/2006
Orion Application Server JSP Source Disclosure Vulnerability
http://secunia.com/secunia_research/2006-11/advisory/

SA18950
Orion Application Server JSP Source Disclosure Vulnerability
http://secunia.com/advisories/18950/

Orion Web site
Orion Application Server
http://www.orionserver.com/

ISS X-Force
Orion Application Server JSP source code disclosure
http://www.iss.net/security_center/static/25405.php

CVE
CVE-2006-0816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0816