Date: Sun, 01 Apr 2001 21:59:50 -0700
Subject: FW: CHINANSL Security Advisory(CSA-200110)
From: Jon Stevens
To: tomcat-dev
In-Reply-To: <20010402034900.20042.qmail@securityfocus.com>

----------
From: lovehacker
Reply-To: lovehacker@263.NET
Date: Mon, 2 Apr 2001 03:49:00 -0000
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: CHINANSL Security Advisory(CSA-200110)

Topic: Tomcat 4.0-b2 for winnt/2000 show ".jsp" source Vulnerability.

vulnerable:
winnt/2000(maybe for other operating system also) + Tomcat 4.0-b2

discussion:
A security vulnerability has been found in Windows NT/2000 systems that have Tomcat 4.0-b2 installed. The vulnerability allows remote attackers to get ".jsp" source.

exploits:
http://target:8080/examples/snp/snoop%252ejsp

solution:
None

Copyright 2000-2001 CHINANSL. All Rights Reserved. Terms of use.

CHINANSL Security Team
CHINANSL INFORMATION TECHNOLOGY CO.,LTD
(http://www.chinansl.com)
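
Added example, not part of the forwarded advisory or of the Tomcat code base: the request path in the advisory carries `%252e`, which percent-decodes to `%2e` on the first pass and to `.` on the second. The script below scans access-log lines for request paths that keep changing under repeated decoding; the log lines, `MAX_ROUNDS` and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (common log format); hosts and paths are sample data.
SAMPLE_LOG = """\
192.0.2.10 - - [02/Apr/2001:04:01:12 +0000] "GET /examples/snp/snoop.jsp HTTP/1.0" 200 1523
192.0.2.44 - - [02/Apr/2001:04:02:40 +0000] "GET /examples/snp/snoop%252ejsp HTTP/1.0" 200 2841
192.0.2.10 - - [02/Apr/2001:04:03:05 +0000] "GET /docs/release%20notes.html HTTP/1.0" 200 9120
192.0.2.77 - - [02/Apr/2001:04:05:19 +0000] "GET /examples/snp/snoop%2ejsp HTTP/1.0" 404 312
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MAX_ROUNDS = 5  # assumed cap on decoding passes, so nested encodings cannot loop for long


def canonicalize(raw_path):
    """Percent-decode repeatedly; return (final_path, passes_that_changed_it)."""
    path, rounds = raw_path, 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds


def classify(raw_path):
    """Label a request path: 'ok', 'encoded-extension' or 'double-encoded'."""
    path = raw_path.split("?", 1)[0]  # ignore the query string
    final, rounds = canonicalize(path)
    if rounds >= 2:
        return "double-encoded"
    # A single-encoded dot that hides a .jsp extension is also worth review.
    if final.lower().endswith(".jsp") and not path.lower().endswith(".jsp"):
        return "encoded-extension"
    return "ok"


def scan(log_text):
    """Return (raw_path, label) for every logged request that is not 'ok'."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m and (label := classify(m.group(1))) != "ok":
            hits.append((m.group(1), label))
    return hits


if __name__ == "__main__":
    for raw, label in scan(SAMPLE_LOG):
        print(f"{label:18} {raw}")
```

A 200 response with an unusual body size on a flagged line is the entry to check first, since it suggests the file was served rather than rejected.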