('binary' encoding is not supported, stored as-is) Class: default installation error Remote: Yes Local: Yes Published: 2002-4-21 Vulnerable: Tomcat 3.2.4、4.0.1、4.0.3 and so on Discussion: CHINANSL Security team discovered that there is a security problem in the condition of Tomcat web serve’s default installation. The customer can acquire the real path of Tomcat’s installation in the system by the two “servlet” documents which are installed by default. Therefore, more information is provided to the hacker’s attacks. An “examples” directory, existing in the default installed Tomcat, includes some examples of “JSP” and “Servlet” that are provided by Tomcat for the customers. The attacker can gain much information (such as: the type of operating system, Tomcat’s installation directory )from two of the documents (SnoopServlet、TroubleShooter) Note: we can’t find the two links of “SnoopServle” and “TroubleShooter” when we access http://localhost:8080/examples/servlets/index.html Exploit: http://localhost:8080/examples/servlet/SnoopServlet http://localhost:8080/examples/servlet/TroubleShooter All of these can gain the real installed directory of TOMCAT Solution:: Please delete the two documents (SnoopServlet.class、TroubleShooter.class)in the directory of “TOMCAT_HOME\webapps\examples\WEB- INF\classes” Reference: This security advisory comes from CHINANSL TECHNOLOGY CO.,LTD. It can be transshipped. But please guarantee the completion of the article, otherwise we will pursue the rights of the law. www.chinansl.com lovehackerat_private
This archive was generated by hypermail 2b30 : Mon Apr 22 2002 - 21:31:02 PDT