tomcat-dev mailing list archives

From "Marc Saegesser" <marc.saeges...@apropos.com>
Subject RE: CHINANSL Security Advisory(CSA-200108)
Date Mon, 02 Apr 2001 17:59:13 GMT
I've been trying to reproduce this using 3.2.1 on Win2000 (as the original
report stated) and so far I can't make it happen.  In all cases I get a
404.

I get the same results using 3.2.2b2.

> -----Original Message-----
> From: Jon Stevens [mailto:jon@latchkey.com]
> Sent: Monday, April 02, 2001 1:04 PM
> To: tomcat-dev
> Subject: FW: CHINANSL Security Advisory(CSA-200108)
>
>
>
> ----------
> From: Stian Myhre <niggah@ONLINE.NO>
> Reply-To: Stian Myhre <niggah@ONLINE.NO>
> Date: Mon, 2 Apr 2001 11:54:52 +0200
> To: BUGTRAQ@SECURITYFOCUS.COM
> Subject: Re: CHINANSL Security Advisory(CSA-200108)
>
> Hi all.
>
> It is possible not only to get the listing
> but also the files.
> If you replace the last / with %5c it will
> give you the file.
>
> example:
> > http://target:8080/%2e%2e/%2e%2e%5cyourfilehere%00.jsp
>
> -Njack
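
An added example, not part of the original thread or of Tomcat's code: a Python check a defender could run over access logs to flag the encoded `..`, `%5c` and `%00` request shapes discussed above. It also catches double-encoded variants, which goes beyond the single URL in the post; the log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample access-log lines (common log format); not from the thread.
SAMPLE_LOG = """\
10.0.0.5 - - [02/Apr/2001:12:00:01 +0000] "GET /index.jsp HTTP/1.0" 200 512
10.0.0.9 - - [02/Apr/2001:12:00:07 +0000] "GET /%2e%2e/%2e%2e%5cyourfilehere%00.jsp HTTP/1.0" 404 0
10.0.0.9 - - [02/Apr/2001:12:00:09 +0000] "GET /docs/%252e%252e/conf HTTP/1.0" 404 0
10.0.0.7 - - [02/Apr/2001:12:00:11 +0000] "GET /a..b/file%20name.jsp?x=../y HTTP/1.0" 200 90
"""
REQUEST_RE = re.compile(r'"(?:[A-Z]+) (\S+) HTTP/[\d.]+"')

def decode_fully(raw_path, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is exposed too."""
    data = raw_path.encode("latin-1", "replace")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    return data

def suspicious_reasons(uri):
    """Return the reasons a request path looks like an encoded traversal."""
    decoded = decode_fully(uri.split("?", 1)[0])  # path only, query ignored
    reasons = []
    if b"\x00" in decoded:
        reasons.append("nul-byte")          # %00 before the extension
    if b"\\" in decoded:
        reasons.append("backslash")         # %5c used as a path separator
    # Treat backslash as a separator, then look for a whole ".." segment,
    # so ordinary names such as "a..b" are not flagged.
    if b".." in decoded.replace(b"\\", b"/").split(b"/"):
        reasons.append("dot-dot-segment")
    return reasons

def scan(log_text):
    """Return (uri, reasons) for every log line whose request path is suspicious."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m and suspicious_reasons(m.group(1)):
            hits.append((m.group(1), suspicious_reasons(m.group(1))))
    return hits

if __name__ == "__main__":
    for uri, reasons in scan(SAMPLE_LOG):
        print(uri, reasons)
```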

