Email address | private |
---|---|
First Active | 2010-06-25 |
Last Active | 2024-09-01 |
This Metasploit module attempts to login to an Apache Axis2 instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. It has been verified to work on at least versions 1.4.1 and 1.6.2.
4719452255874c71f8d0b9c9d1065c938d1a02c4240afad5a85654a333b0db20
This Metasploit module enumerates Apache Tomcats usernames via malformed requests to j_security_check, which can be found in the web administration package. It should work against Tomcat servers 4.1.0 - 4.1.39, 5.5.0 - 5.5.27, and 6.0.0 - 6.0.18. Newer versions no longer have the "admin" package by default. The admin package is no longer provided for Tomcat 6 and later versions.
ddc9c4c9f598773b8e0921e7125f71bd3f5c7f1793c0f1c17a1adfd1577b0e43
The vulnerability allows remote unauthenticated attackers to force the IIS server to become unresponsive until the IIS service is restarted manually by the administrator. Required is that Active Server Pages are hosted by the IIS and that an ASP script reads out a Post Form value.
9edbe875f33f8abbbd70b40b78b0b3ee2f256cdbfd08ccf58b9ba2cabbd67558
Apache Axis versions 1.5 and below suffer from a session fixation vulnerability.
e8ac4786c1ee2cd8e132577dbe3ed809421efacae3ea413f9efaf2c5f418ca4e