('binary' encoding is not supported, stored as-is) I tried posting to Bugtraq...but perhaps this is the more appropriate mailing list. Anyways here are some Response headers to servers that are vulnerable to the %3f.jsp directory listing exploit -Slow2Show- University of Florida HTTP/1.0 200 OK Date: Fri, 30 Nov 2001 03:43:27 GMT Server: Jetty/3.1.RC8 (Linux 2.2.16-22enterprise x86) Servlet-Engine: Jetty/3.1 (JSP 1.1; Servlet 2.2; java 1.3.0) HTTP/1.1 200 OK Date: Fri, 30 Nov 2001 04:00:20 GMT Server: Apache/1.3.20 (Linux/SuSE) mod_jk Last-Modified: Thu, 01 Nov 2001 21:20:47 GMT HTTP/1.1 302 Found Date: Fri, 30 Nov 2001 04:03:07 GMT Server: Apache/1.3.14 (Unix) PHP/4.0.6 ApacheJServ/1.1.2 Servlet-Engine: Tomcat Web Server/3.2.3 (JSP 1.1; Servlet 2.2; Java 1. 5.8 sparc; java.vendor=Sun Microsystems Inc.)
This archive was generated by hypermail 2b30 : Fri Nov 30 2001 - 13:41:29 PST