JWSDK *add-on

From: Phuong Nguyen (dphuongat_private)
Date: Mon Aug 20 2001 - 06:13:47 PDT

    Javaserver Web Dev Kit version 1.0 (JWSDK) 
    
    The JWSDK directory traversal vulnerability was found by
    CHINANSL Security Advisory (CSA-200106). I want to add
    another thing: it's also vulnerable on other operating
    systems like Red Hat 6.1, and this nasty bug allows you
    to browse and read any file with ROOT privilege, so
    you can read the shadow file and stuff.
    
    
    http://localhost:8080/../examples//WEB-INF/../../../../../
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Mon Aug 20 2001 - 10:26:26 PDT
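
Added example, not part of the original message and not JWSDK code: a containment check that a file-serving handler can apply before opening anything, run here against the URL path quoted in the post. The function names, the `/srv/www` document root and the extra sample paths are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote


class TraversalError(ValueError):
    """Raised when a request path must not be served."""


def safe_resolve(doc_root: str, url_path: str) -> str:
    """Map a URL path to a file path under doc_root, or raise TraversalError."""
    decoded = unquote(url_path)              # also catches %2e%2e and %2f forms
    if "\x00" in decoded or "\\" in decoded:
        raise TraversalError("illegal character in path")
    kept = []                                # segments that survive normalisation
    for seg in decoded.split("/"):
        if seg in ("", "."):                 # "" comes from "//" or a trailing "/"
            continue
        if seg == "..":
            if not kept:                     # would climb above the document root
                raise TraversalError("path escapes document root")
            kept.pop()
        else:
            kept.append(seg)
    # Servlet containers must never serve a web application's WEB-INF directory.
    if any(seg.upper() == "WEB-INF" for seg in kept):
        raise TraversalError("WEB-INF is not served")
    # Lexical check only: if the tree can contain symlinks, also compare
    # os.path.realpath() of the result against the real document root.
    return posixpath.join(doc_root, *kept)


def is_blocked(url_path: str, doc_root: str = "/srv/www") -> bool:
    """True when safe_resolve refuses the path."""
    try:
        safe_resolve(doc_root, url_path)
        return False
    except TraversalError:
        return True


if __name__ == "__main__":
    samples = [
        "/../examples//WEB-INF/../../../../../",   # path from the post
        "/examples/%2e%2e/%2e%2e/x",               # constructed: encoded dots
        "/examples/WEB-INF/web.xml",               # constructed: direct WEB-INF
        "/examples/jsp/../index.html",             # constructed: benign
    ]
    for s in samples:
        print("BLOCK" if is_blocked(s) else "ALLOW", s)
```

Running the handler as an unprivileged account rather than root limits what any remaining traversal bug can read.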