Re: Tomcat 4.1 real path disclosure

• Previous message: acemi: "Snitz Forums 2000 remote SQL query manipulation vulnerability"
• In reply to: Wang Yun: "Tomcat 4.1 real path disclosure"
• Next in thread: Ian Darwin: "Re: Tomcat 4.1 real path disclosure"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It appears as though Tomcat v3.2.3 is not vulnerable:


GET /+/index.jsp HTTP/1.0
- -------------------------
Not Found (404)
Original request: /+/index.jsp
Not found request: /+/index.jsp


GET />/index.jsp HTTP/1.0
- -------------------------
Not Found (404)
Original request:</b> /&gt;/index.jsp
Not found request:</b> /&gt;/index.jsp


GET /</index.jsp HTTP/1.0
- -------------------------
Not Found (404)
Original request: /&lt;/index.jsp
Not found request: /&lt;/index.jsp


GET /%20/index.jsp HTTP/1.0
- -------------------------
Not Found (404)
Original request: /%20/index.jsp
Not found request: /%20/index.jsp



   - Joe Testa



NeXpose: the only expert-system based network vulnerability
scanner with less than 1% false positives: http://www.rapid7.com/

GPG key:  http://www.cs.rit.edu/~jst3290/joetesta_r7.pub
A22B 2683 C40E 5443 AE52  AD6D 65B2 F5DF 4B11 06B4

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8wGbHZbL130sRBrQRAkGMAJ9fDpuPNn+GiGHXg7Xkmrg61VVCDwCeO0z+
rgjmj5/3k580whGTDaY1/BI=
=Xg2V
-----END PGP SIGNATURE-----

• Next message: Chip Andrews: "Re: Microsoft Security Bulletin - MS02-020"
• Previous message: acemi: "Snitz Forums 2000 remote SQL query manipulation vulnerability"
• In reply to: Wang Yun: "Tomcat 4.1 real path disclosure"
• Next in thread: Ian Darwin: "Re: Tomcat 4.1 real path disclosure"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 19 2002 - 17:12:02 PDT