Hi "Jon S. Stevens",
Thanks your reply
Today,I download "jakarta-tomcat-4.0-b1.zip" from
http://jakarta.apache.org/.but I can build a special
URL get "jsp" source of Tomcat4.0-b1.
for example:
http://localhost:8080/examples/jsp/snp/snoop%2ejsp
Thanks again.
lovehacker
Copyright 2000-2001 CHI
}-Original Message-
}Sent: Tuesday, March 27, 2001 10:40 PM
}Subject: CHINANSL Security Advisory(CSA-200105)
}
}Topic:
}Tomcat 3.0 for win2000 Directory traversal
}Vulnerability
}
This was detailed earlier at:
http://www.securityfocus.com/templates/archive.pike?list=1&mid=16
Dear "lovehacker",
Tomcat 3.0 is an old version and has several known security holes. That is
why we recommend that people run the latest released version which is
currently 3.1.1 or 3.2.1 (depending on the branch you are interested).
Also, Tomcat 3.2.2b2 is also available on our website which f
Topic:
Tomcat 3.0 for win2000 Directory traversal
Vulnerability
vulnerable:
Tomcat 3.0 for win2000
maybe for other operating system also.
discussion:
A security vulnerability has been found in Windows
NT/2000 systems that have Tomcat 3.0 installed.The
vulnerability allows remote attacker