tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jon Stevens <...@latchkey.com>
Subject FW: CHINANSL Security Advisory(CSA-200110)
Date Mon, 02 Apr 2001 04:59:50 GMT

----------
From: lovehacker <lovehacker@263.NET>
Reply-To: lovehacker@263.NET
Date: Mon, 2 Apr 2001 03:49:00 -0000
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: CHINANSL Security Advisory(CSA-200110)

Topic:Tomcat 4.0-b2 for winnt/2000 show ".jsp"
source Vulnerability.

vulnerable:
winnt/2000(maybe for other operating system also)
+ Tomcat 4.0-b2

discussion:
A security vulnerability has been found in Windows
NT/2000 systems that have Tomcat 4.0-b2 installed.
The 
vulnerability allows remote attackers to get ".jsp"
source.

exploits:
http://target:8080/examples/snp/snoop%252ejsp

solution:
None

Copyright 2000-2001 CHINANSL. All Rights
Reserved. Terms of use.
CHINANSL Security Team
<lovehacker@chinansl.com>
CHINANSL INFORMATION TECHNOLOGY CO.,LTD
(http://www.chinansl.com)




Mime
View raw message