fyi, if you are using mod_jk 1.2.20 or earlier or Tomcat 5.5.20 or earlier.
http://www.securityfocus.com/bid/22791

Quoted from "http://www.milw0rm.com/exploits/4162":

** Advanced exploitation in exec-shield (Fedora Core case study)
** URL: http://x82.inetcop.org/h0me/papers/FC_exploit/FC_exploit.txt
**
** Reference: http://www.securityfocus.com/bid/22791
** vendor: http://tomcat.apache.org/
**
** eliteboy's exploit (SUSE, Debian, FreeBSD):
** http://www.milw0rm.com/exploits/4093
**
** Nicob <nicob[at]nicob.net>'s exploit (Win32):
** http://downloads.securityfocus.com/vulnerabilities/exploits/apache_modjk_overflow.rb
**
** --
** exploit by "you dong-hun"(Xpl017Elz), <[EMAIL PROTECTED]>.
** My World: http://x82.inetcop.org

Axton Grams

_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
ARSlist:"Where the Answers Are"