I've just been trying to confirm the "vulnerability" without any luck.

Any place in the "wild" where we could find such a problem?

I've tried replacing:

http://www.server.dom/jsp/test.jsp

with:

http://www.server.dom/jsp/test.jsp%0008

in a number of setups without any results.

Cheers,

Michiel


Norris Shelton wrote:

A co-worker that supports a federal site just got an e-mail
from their admins indicating that his site is exposing jsp
source code when they append %0008 to the end of their URLs. The view source shows his exact pages.


He is using Tomcat 4.1.30 and JDK 1.4.2_05

I tried it on my servers (TC 4.1.30 and JDK 1.4.2_06).  Is this
a JRE vulnerability?

=====

Norris Shelton
Software Engineer
Sun Certified Java 1.1 Programmer
Appriss, Inc.
ICQ# 26487421
AIM NorrisEShelton
YIM norrisshelton













--
Michiel Toneman  Software Engineer   Bibit Global Payment Services
Regulierenring 10  3981 LB  Bunnik       [EMAIL PROTECTED]
Tel. +31-30-6595168  Fax +31-30-6564464      http://www.bibit.com/




