Hi "Jon S. Stevens",

Thanks for your reply.
Today I downloaded "jakarta-tomcat-4.0-b1.zip" from
http://jakarta.apache.org/, but I can build a special
URL to get the "jsp" source of Tomcat 4.0-b1.

for example:
http://localhost:8080/examples/jsp/snp/snoop%2ejsp

Thanks again.
lovehacker

Copyright 2000-2001 CHINANSL. All Rights
Reserved. Terms of use.

CHINANSL Security Team
<[EMAIL PROTECTED]>
CHINANSL INFORMATION TECHNOLOGY CO.,LTD
(http://www.chinansl.com)



> Dear "lovehacker",
> 
> Tomcat 3.0 is an old version and has several known security holes. That is
> why we recommend that people run the latest released version which is
> currently 3.1.1 or 3.2.1 (depending on the branch you are interested in).
> 
> Also, Tomcat 3.2.2b2 is also available on our website which fixes the
> recently announced cross site scripting issue.
> 
> I would appreciate it if you would test and report your security holes
> against the released versions and not the old versions. I see no further
> action necessary unless your hole is also present in the current code base
> (I suspect that it isn't).
> 
> I also may have missed your posting, but giving advance notice to
> [EMAIL PROTECTED] and/or tomcat-[EMAIL PROTECTED] would be more
> appropriate than posting to bugtraq first.
> 
> thanks,
> 
> Jon S. Stevens
> [EMAIL PROTECTED]
> ASF Member
> PMC Member - Jakarta Group
> 
> --
> If you come from a Perl or PHP background, JSP is a way to take
> your pain to new levels. --Anonymous
> <http://jakarta.apache.org/velocity/ymtd/ymtd.html>
> 
> on 3/27/01 10:40 PM, "lovehacker" <[EMAIL PROTECTED]> wrote:
> 
> > Topic:
> > Tomcat 3.0 for win2000 Directory traversal
> > Vulnerability
> >
> > vulnerable:
> > Tomcat 3.0 for win2000
> > maybe for other operating systems also.
> >
> > discussion:
> > A security vulnerability has been found in Windows
> > NT/2000 systems that have Tomcat 3.0 installed. The
> > vulnerability allows remote attackers to access files
> > outside the document root directory scope.
> >
> > exploits:
> > http://target:8080/../../winnt/win.ini%00examples/jsp/hello.jsp
> > It is possible to cause the Tomcat server to send
> > back the content of win.ini.
> >
> > solution:
> > None
> >
> > Copyright 2000-2001 CHINANSL. All Rights
> > Reserved. Terms of use.
> >
> > CHINANSL Security Team
> > <[EMAIL PROTECTED]>
> > CHINANSL INFORMATION TECHNOLOGY CO.,LTD
> > (http://www.chinansl.com)
> 
> 

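Both URLs in this thread work because a check was run on the raw request string rather than on the canonical path: a percent-encoded dot (`snoop%2ejsp`) hides the `.jsp` suffix from the servlet mapping so the file falls through to static serving, and a `%00` null byte makes the visible suffix (`hello.jsp`) differ from the path the operating system actually opens (`win.ini`). The following is an added example, not code from the thread or from Tomcat, showing how a dispatcher or a log-review script can canonicalize a path first and reject a request whose raw and canonical forms disagree. The function names and the classification strings are my own; the sample paths are the two reported in the thread plus one benign request.

```python
"""Canonicalize a request path before any extension or document-root check.

Added example (not Tomcat code): decodes percent-encoding, accounts for a
null byte, resolves '..' against the document root, and compares the file
extension seen on the raw URL with the one on the canonical path. Any
disagreement is a reason to reject the request or flag it in logs.
"""
import posixpath
from urllib.parse import unquote


def resolve_within_root(path: str) -> tuple[str, bool]:
    """Walk the path segments, collapsing '.' and '..'.

    Returns (canonical_path, escaped_root); escaped_root is True when a
    '..' segment tried to climb above the document root, which is the
    directory-traversal condition reported in the thread.
    """
    segments = []
    escaped = False
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            else:
                escaped = True  # nothing left to pop: climbed above the root
            continue
        segments.append(seg)
    return "/" + "/".join(segments), escaped


def analyze_request_path(raw_path: str) -> dict:
    """Return the canonical path plus the reasons (if any) to reject it."""
    findings = []
    decoded = unquote(raw_path)

    # A null byte terminates the string for a C-level file open, so the bytes
    # before it are what gets opened while a naive suffix check sees the
    # bytes after it. Evaluate the part that would actually be opened.
    if "\x00" in decoded:
        findings.append("null byte in decoded path")
        effective = decoded.split("\x00", 1)[0]
    else:
        effective = decoded

    canonical, escaped = resolve_within_root(effective)
    if escaped:
        findings.append("path traversal above document root")

    # Extension before and after canonicalization. If a servlet mapping keys
    # on the raw URL, '%2e' hides '.jsp' from it and the source is served as
    # a plain file; matching on the canonical path closes that gap.
    raw_ext = posixpath.splitext(posixpath.basename(raw_path))[1].lower()
    eff_ext = posixpath.splitext(posixpath.basename(canonical))[1].lower()
    if raw_ext != eff_ext:
        findings.append(f"extension changes on decoding: {raw_ext!r} -> {eff_ext!r}")

    return {
        "raw": raw_path,
        "canonical": canonical,
        "findings": findings,
        "reject": bool(findings),
    }


if __name__ == "__main__":
    # Constructed sample: the two paths reported in the thread and one benign one.
    for p in ("/examples/jsp/snp/snoop%2ejsp",
              "/../../winnt/win.ini%00examples/jsp/hello.jsp",
              "/examples/jsp/snp/snoop.jsp"):
        r = analyze_request_path(p)
        print(f"{p}\n  canonical={r['canonical']} reject={r['reject']} {r['findings']}")
```

The script decodes once, which matches a server that URL-decodes a single time; every decision (root containment, extension mapping) is then made on the canonical string, never on the raw one. The same function can be run over an access log to surface requests where the raw and canonical extensions disagree, which is the signature of the `%2e` source-disclosure request even when the server already rejects it.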