hmm.. that would be _this_ old chestnut... (a little eager on the send, sorry.)
http://shh.thathost.com/secadv/2001-03-29-tomcat.txt

This particular exploit was fixed a long time ago (wasn't it?)

Mike Curwen

> -----Original Message-----
> From: Norris Shelton [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 16, 2005 9:27 AM
> To: Tomcat
> Subject: percent 0008 exploit
>
> A co-worker that supports a federal site just got an e-mail
> from their admins indicating that his site is exposing jsp
> source code when they append %0008 to the end of their URLs.
> The view source shows his exact pages.
>
> He is using Tomcat 4.1.30 and JDK 1.4.2_05
>
> I tried it on my servers (TC 4.1.30 and JDK 1.4.2_06). Is
> this a JRE vulnerability?
>
> =====
>
> Norris Shelton
> Software Engineer
> Sun Certified Java 1.1 Programmer
> Appriss, Inc.
> ICQ# 26487421
> AIM NorrisEShelton
> YIM norrisshelton
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]