Re: CHINANSL Security Advisory(CSA-200108)

Hi all. It is possible not only to get the listing but also the files. If you use replace the last / with %5c it will give you the file. example: http://target:8080/%2e%2e/%2e%2e%5cyourfilehere%00.jsp -Njack

CHINANSL Security Advisory(CSA-200108)

Topic: Tomcat 3.2.1 for win2000 Directory traversal Vulnerability vulnerable: Tomcat 3.2.1 for win2000 maybe for other operating system also. discussion: A security vulnerability has been found in Windows NT/2000 systems that have Tomcat 3.2.1 installed.The vulnerability allows remote