tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jon Stevens <...@latchkey.com>
Subject FW: regards from lovehacker
Date Mon, 02 Apr 2001 06:45:08 GMT

----------
From: "lovehacker" <lovehacker@263.net>
Date: Mon, 2 Apr 2001 14:39:08 +0800
To: <jon@latchkey.com>
Subject: regards from lovehacker

hi jon:
>#1. Please report security issues to security@apache.org
>and/or tomcat-dev@jakarta.apache.org first. It seems
>like that is a common courtesy.

I am very sorry!
i will report security issues to security@apache.org first time.

Tomcat 4.0-b2 Vulnerability look at this:
http://Tomcat4.0-b2:8080/examples/jsp/snp/snoop%252ejsp "%252e" like "."
or
http://Tomcat4.0-b2:8080/examples/jsp/snp/snoop.jsp%2581 "%2581" like "?"
or 
http://Tomcat4.0-b2:8080/examples/jsp/snp/snoop.js%2570 "%2570" like "p"

lovehacker
China Network Security League
http://www.chinansl.com
lovehacker@chinansl.com



Mime
View raw message