('binary' encoding is not supported, stored as-is) Class: default installation error
Remote: Yes
Local: Yes
Published: 2002-4-21
Vulnerable: Tomcat 3.2.4、4.0.1、4.0.3 and so on

Discussion:
CHINANSL Security team discovered that there is a
security problem in the condition of Tomcat web
serve’s default installation. The customer can acquire
the real path of Tomcat’s installation in the system by
the two “servlet” documents which are installed by
default. Therefore, more information is provided to the
hacker’s attacks.
    An “examples” directory, existing in the default
installed Tomcat, includes some examples of “JSP”
and “Servlet” that are provided by Tomcat for the
customers. The attacker can gain much information
(such as: the type of operating system, Tomcat’s
installation directory )from two of the documents
(SnoopServlet、TroubleShooter)
Note: we can’t find the two links of “SnoopServle”
and “TroubleShooter” when we access
http://localhost:8080/examples/servlets/index.html

Exploit:
http://localhost:8080/examples/servlet/SnoopServlet
http://localhost:8080/examples/servlet/TroubleShooter
All of these can gain the real installed directory of
TOMCAT

Solution:：
Please delete the two documents
(SnoopServlet.class、TroubleShooter.class)in the
directory
of “TOMCAT_HOME\webapps\examples\WEB-
INF\classes”

Reference:
This security advisory comes from CHINANSL
TECHNOLOGY CO.,LTD. It can be transshipped. But
please guarantee the completion of the article,
otherwise we will pursue the rights of the law.
www.chinansl.com
lovehackerchinansl.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]