From: joetestaHUSHMAIL.COM
Date: Sun Feb 04 2001 - 13:23:19 CST


    Vulnerability in Free Java Web Server


    Free Java Web Server v1.0 is a Java web server available from
    http://www.download.com. A vulnerability exists which allows a remote
    user to break out of the web root using relative paths (i.e. '..', '...').


            http://localhost/../[file outside web root]
            http://localhost/.../[file outside web root]


    No quick fix is possible.

        Vendor Status

        The author, Dattaraj J. Rao, was contacted via
    <jagraogoa1.dot.net.in> on Sunday, January 28, 2001. No reply was

            - Joe Testa ( joetestahushmail.com )
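
The containment check a file-serving handler needs against the two request forms shown above, as an added example (not code from Free Java Web Server or from the advisory). The class and method names are hypothetical, the sample paths are constructed, and the request path is assumed to have been percent-decoded exactly once before this check.

```java
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Optional;

// Added example: web-root containment check (hypothetical names, not the server's code).
public class WebRootCheck {

    // Maps an already-decoded request path to a file under webRoot,
    // or returns empty if the path would leave the web root.
    static Optional<Path> resolve(Path webRoot, String requestPath) {
        Path root = webRoot.toAbsolutePath().normalize();
        Path candidate = root;
        try {
            // Treat both separators alike so "..\" is seen as a segment too.
            for (String seg : requestPath.replace('\\', '/').split("/")) {
                if (seg.isEmpty() || seg.equals(".")) {
                    continue;                   // "//" and "/./" add nothing
                }
                // Reject "..", "..." and longer dot-only segments outright
                // instead of relying on how the filesystem interprets them.
                if (seg.matches("\\.{2,}")) {
                    return Optional.empty();
                }
                candidate = candidate.resolve(seg);
            }
        } catch (InvalidPathException e) {
            return Optional.empty();            // NUL bytes, stray ':' on Windows, etc.
        }
        // Second check: the normalized result must still sit under the root.
        candidate = candidate.normalize();
        return candidate.startsWith(root) ? Optional.of(candidate) : Optional.empty();
    }

    public static void main(String[] args) {
        Path root = Paths.get("wwwroot");       // constructed sample web root
        String[] requests = {                   // constructed sample request paths
            "/index.html", "/docs/./guide.html",
            "/../secret.txt", "/.../secret.txt", "/docs/..\\..\\secret.txt"
        };
        for (String r : requests) {
            System.out.println(r + " -> "
                + resolve(root, r).map(Path::toString).orElse("REJECTED"));
        }
    }
}
```

`Path.normalize()` is purely lexical, so a deployment that allows symbolic links under the web root would also compare `toRealPath()` of the file against the root before serving it.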
