From: Jon Stevens (jonLATCHKEY.COM)
Date: Sun Apr 01 2001 - 19:42:05 CDT

    on 3/30/01 11:26 PM, "lovehacker" <lovehacker263.NET> wrote:

    > Topic:
    > Tomcat 3.2.1 for win2000 Directory traversal
    > Vulnerability
    >
    > vulnerable:
    > Tomcat 3.2.1 for win2000
    > maybe for other operating system also.
    >
    > discussion:
    > A security vulnerability has been found in Windows
    > NT/2000 systems that have Tomcat 3.2.1
    > installed. The vulnerability allows remote attackers
    > to access files outside the document root directory scope.
    >
    > exploits:
    > http://target:8080/%2e%2e/%2e%2e/%00.jsp
    > It is possible to cause the Tomcat server to list
    > outside the document root directory scope.
    >
    > solution:
    > None
    >
    > Copyright 2000-2001 CHINANSL. All Rights
    > Reserved. Terms of use.
    >
    > CHINANSL Security Team
    > <lovehackerchinansl.com>
    > CHINANSL INFORMATION TECHNOLOGY CO.,LTD
    > (http://www.chinansl.com)

    What is with this Copyright stuff?

    #1. Please report security issues to securityapache.org and/or
    tomcat-devjakarta.apache.org first. It seems like that is a common
    courtesy.

    #2. Please test against the latest Tomcat 4.0 which is 4.0b2. I believe that
    this has already been fixed.

    p.s. Your lovehacker263.net email address bounces.

    -jon
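
The request in the quoted advisory combines percent-encoded dot segments (`%2e%2e`) with an encoded NUL byte (`%00`). The following is an added example, not part of either message and not Tomcat's own code: a request-path check that decodes first, rejects control characters, and confirms the normalized result stays under the document root. The class name, `DOC_ROOT` value and sample paths other than the advisory's are assumptions made for illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class RequestPathCheck {
    // Hypothetical document root, an assumption for this example only.
    static final Path DOC_ROOT =
            Paths.get("/srv/webapps/ROOT").toAbsolutePath().normalize();

    /** Maps a raw request path to a file under DOC_ROOT, or returns null to reject. */
    static Path resolve(String rawPath) {
        String decoded;
        try {
            // Decode before checking so %2e%2e is seen as ".." and %00 as NUL.
            // URLDecoder turns '+' into a space, so protect literal '+' first.
            decoded = URLDecoder.decode(rawPath.replace("+", "%2B"),
                                        StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // malformed percent-escape
        }
        // Reject NUL and other control characters, and '\' which Windows
        // treats as a path separator.
        for (char c : decoded.toCharArray()) {
            if (c < 0x20 || c == 0x7f || c == '\\') return null;
        }
        // Strip leading slashes so the path resolves relative to DOC_ROOT.
        String relative = decoded.replaceFirst("^/+", "");
        try {
            Path candidate = DOC_ROOT.resolve(relative).normalize();
            // After normalization the result must still be inside DOC_ROOT.
            return candidate.startsWith(DOC_ROOT) ? candidate : null;
        } catch (InvalidPathException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        // Constructed sample request paths; the first is the one in the advisory.
        String[] samples = {
            "/%2e%2e/%2e%2e/%00.jsp", "/%2e%2e/%2e%2e/index.jsp", "/docs/index.jsp"
        };
        for (String s : samples) {
            Path p = resolve(s);
            System.out.println(s + " -> " + (p == null ? "REJECTED" : p));
        }
    }
}
```

The order matters: a check that looks for `..` or NUL in the raw URL before decoding never sees them in their encoded form.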