This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.Īn attacker who is authorized to send queries to a target sends variants of expected queries in the hope that these modified queries might return information (directly or indirectly through error logs) beyond what the expected set of queries should provide. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. This is a privilege elevation attack targeted at zone-based web-browser security.
Apache tomcat 6.0.24 code#
It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.Īn attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. This is often referred as escaped ending or percent-encoding.
For instance US-ASCII space character would be represented with %20. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). A URL may contain special character that need special syntax handling in order to be interpreted. An attacker can take advantage of the multiple ways of encoding a URL and abuse the interpretation of the URL. jvm=C:\Program Files\Java\jdk1.5.0_15\jre\bin\server\jvm.dll).This attack targets the encoding of the URL combined with the encoding of the slash characters.
Apache tomcat 6.0.24 64 bits#
Anyway, it's highly recommented check registry value that define which version of JDK/JRE will be used for tomcat windows service, see key HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Procrun 2.0\Parameters\Log\jvm and point it out to correct 64 bits JDK/JRE (e.g. It can be done explicitly (path to wrong JDK/JRE) or implicitly ("auto" value that imply using of JAVA_HOME or JRE_HOME that point out to 32 bits version). It points out itself to 32 bits version of JRE/JDK instead of 64 bits. Under certain conditions tomcat is not correctly configure service registry values.
Apache tomcat 6.0.24 install#
Install it as Windows service executing "service.bat install ", where is optional windows service name.
(Update: The Bugzilla post seems to be down, but I believe an updated exe file can be found in the Tomcat SVN Repository). Rename tomcat5.exe (tomcat6.exe) to tomcat5.exe.32bits to (tomcat6.exe.32bits)Įxtract 64 bits Tomcat wrapper from tomcat5_5_64bits_wrapper.zip and rename it to tomcat5.exe (tomcat6.exe). Steps that should allow you to install Tomcat as windows service under JDK64bits.ĭownload Tomcat binary installation (zip file exe file will not find 64 bits JDK/JRE).
Tomcat wrapper for windows service is compiled for 32 bits JDK.
0 kommentar(er)
