漏洞类别:Web server漏洞等级: 
漏洞信息
Bajie HTTP server is a free Web server written in Java. Bajie contains a servlet called "uploadservlet" which enables users to upload files to a target directory and is installed by default. Unauthorized users may be able to use "uploadservlet" to upload a malicious script to a known directory on the Baji Web server. Once the file has been successfully uploaded, it can be executed via a specially crafted URL. The unauthorized user can then gain interactive access to the Bajie Web server with the privileges of the server.
漏洞危害
Successful exploitation of this vulnerability could result in a complete compromise of the host.
解决方案
You can download the latest version of Bajie Web server from Bajie's Home page.
0day
文章评论