[19914] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

CHINANSL Security Advisory(CSA-200105)

daemon@ATHENA.MIT.EDU (lovehacker)
Wed Mar 28 20:12:27 2001

Message-ID:  <20010328064018.21231.qmail@securityfocus.com>
Date:         Wed, 28 Mar 2001 06:40:18 -0000
Reply-To: lovehacker@263.NET
From: lovehacker <lovehacker@263.NET>
To: BUGTRAQ@SECURITYFOCUS.COM

Topic:
Tomcat 3.0 for win2000 Directory traversal 
Vulnerability

vulnerable:
  Tomcat 3.0 for win2000
   maybe for other operating system also.

discussion:
A security vulnerability has been found in Windows 
NT/2000 systems that have Tomcat 3.0 installed.The 
vulnerability allows remote attackers to access files 
outside the document root directory scope.

exploits:
http://target:8080/../../winnt/win.ini%
00examples/jsp/hello.jsp 
It is possible to cause the Tomcat server to send 
back the content of win.ini.

solution:
None

Copyright 2000-2001 CHINANSL. All Rights 
Reserved. Terms of use. 

CHINANSL Security Team 
<lovehacker@chinansl.com> 
CHINANSL INFORMATION TECHNOLOGY CO.,LTD 
(http://www.chinansl.com)


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[19914] in bugtraq

CHINANSL Security Advisory(CSA-200105)

daemon@ATHENA.MIT.EDU (lovehacker)Wed Mar 28 20:12:27 2001

daemon@ATHENA.MIT.EDU (lovehacker)
Wed Mar 28 20:12:27 2001